|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] MODIFY-01 cluster: 25 CERT candidates moved to MODIFICATION phase
All: The following 25 candidates have been moved to the MODIFICATION phase. They represent the bulk of the CERT cluster that I haven't made a Final Decision on yet. I have defined a MODIFY-01 cluster to hold these vulnerabilities. I expect to move these candidates to Interim Decision by Friday June 25, barring any issues raised by the Editorial Board; so I expect to make a Final Decision on these by 6/30. 1) I have changed the candidates slightly to reflect board members' comments. These changes are explicitly noted in the candidate list. 2) Editorial Board members need to re-vote for these candidates. In the next email, I will list people's votes for the original candidates. 3) I've changed the format of the candidate list slightly. It includes the dates of each phase for the candidate, and a specific line for you to fill in your vote. Please list your vote on the VOTE: line after each candidate, and reply with the full text. I know this takes up bytes, but I've been tallying votes manually and I'm getting concerned about making some mistakes. I hope to refine this process as time goes on. 4) Most of the modifications involve adding references to the X-Force database; some involve minor changes to the description text. Thanks, - Steve Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0003 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:aix-ttdbserver Reference: XF:tooltalk Reference: CERT:CA-98.11.tooltalk Reference: NAI:NAI-29 Reference: SGI:19981101-01-A Reference: SGI:19981101-01-PX Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd) Modifications: ADDREF XF:aix-ttdbserver ADDREF XF:tooltalk VOTE: ================================= Candidate: CAN-1999-0004 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: CERT:CA-98.10.mime_buffer_overflows Reference: XF:outlook-long-name Reference: SUN:00175 MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook. Modifications: ADDREF MS:MS98-008 DESC include Outlook VOTE: ================================= Candidate: CAN-1999-0018 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: CERT:CA-97.26.statd Reference: XF:statd Reference: AUSCERT:AA-97.29 Buffer overflow in statd allows root privileges. Modifications: DESC remove CERT advisory from text VOTE: ================================= Candidate: CAN-1999-0035 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:ftp-ftpd Reference: CERT:CA-97.16.ftpd Reference: AUSCERT:AA-97.03 Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. Modifications: ADDREF XF:ftp-ftpd VOTE: ================================= Candidate: CAN-1999-0046 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: CERT:CA-97.06.rlogin-term Reference: XF:rlogin-termbo Buffer overflow of rlogin program using TERM environmental variable Modifications: DELREF XF:bsdi-rlogind ADDREF XF:rlogin-termbo VOTE: ================================= Candidate: CAN-1999-0049 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:sgi-csetup Reference: CERT:CA-97.03.csetup Csetup under IRIX allows arbitrary file creation or overwriting. Modifications: ADDREF XF:sgi-csetup VOTE: ================================= Candidate: CAN-1999-0051 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:sgi-licensemanager Reference: CERT:CA-97.01.flex_lm Reference: AUSCERT:AA-96.03 Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. Modifications: ADDREF XF:sgi-licensemanager VOTE: ================================= Candidate: CAN-1999-0078 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: CERT:CA-96.08.pcnfsd Reference: XF:rpc-pcnfsd pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. Modifications: DELREF XF:nfs-pcnfsd VOTE: ================================= Candidate: CAN-1999-0099 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: CERT:CA-95.13.syslog.vul Reference: XF:smtp-syslog A buffer overflow in the syslog utility allows remote execution through Sendmail and possibly other mail servers. Modifications: DESC could be through other mailers besides Sendmail VOTE: ================================= Candidate: CAN-1999-0117 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:ibm-passwd Reference: CERT:CA-92:07.AIX.passwd.vulnerability AIX passwd allows local users to gain root access. Modifications: ADDREF XF:ibm-passwd VOTE: ================================= Candidate: CAN-1999-0128 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:ping-death Reference: CERT:CA-96.26.ping Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. Modifications: ADDREF XF:ping-death COMMENT Andre's other suggested ref's were for a buffer overflow COMMENT in the ping program, which is a different vulnerability. DESC slight wording change to identify this as Ping o' Death *only* VOTE: ================================= Candidate: CAN-1999-0130 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:sendmail-daemon-mode Reference: CERT:CA-96.24.sendmail.daemon.mode Local users can start Sendmail in daemon mode and gain root privileges. Modifications: ADDREF XF:sendmail-daemon-mode VOTE: ================================= Candidate: CAN-1999-0131 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:smtp-875bo Reference: CERT:CA-96.20.sendmail_vul Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. Modifications: ADDREF XF:smtp-875bo VOTE: ================================= Candidate: CAN-1999-0132 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:expreserve Reference: CERT:CA-96.19.expreserve Reference: XF:expreserve Expreserve, used in vi and ex, allows local users to overwrite arbitrary files and gain root access. Modifications: ADDREF XF:expreserve VOTE: ================================= Candidate: CAN-1999-0134 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:sol-voldtmp Reference: CERT:CA-96.17.Solaris_vold_vul Reference: AUSCERT:AL-96.04 vold in Solaris 2.x allows local users to gain root access Modifications: ADDREF XF:sol-voldtmp VOTE: ================================= Candidate: CAN-1999-0135 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:sun-admintool Reference: CERT:CA-96.16.Solaris_admintool_vul Reference: AUSCERT:AL-96.03 admintool in Solaris allows a local user to write to arbitrary files and gain root access. Modifications: ADDREF XF:sun-admintool VOTE: ================================= Candidate: CAN-1999-0136 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:sol-KCMSvuln Reference: AUSCERT:AL-96.02 Reference: CERT:CA-96.15.Solaris_KCMS_vul Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. Modifications: ADDREF XF:sol-KCMSvuln VOTE: ================================= Candidate: CAN-1999-0137 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:linux-dipbo Reference: CERT:CA-96.13.dip_vul Reference: XF:dip-bo The dip program on many Linux systems allows local users to gain root access via a buffer overflow. Modifications: ADDREF XF:linux-dipbo VOTE: ================================= Candidate: CAN-1999-0141 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:http-java-applet Reference: CERT:CA-96.07.java_bytecode_verifier Reference: SUN:00134 Java Bytecode Verifier allowed malicious applets to execute arbitrary commands as the user of the applet. Modifications: ADDREF XF:http-java-applet VOTE: ================================= Candidate: CAN-1999-0155 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:gscript-dsafer Reference: CERT:CA-95.10.ghostscript The ghostscript command with the -dSAFER option allows remote attackers to execute commands. Modifications: ADDREF XF:gscript-dsafer VOTE: ================================= Candidate: CAN-1999-0164 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:sol-pstmprace Reference: AUSCERT:AA-95.07 Reference: CERT:CA-95.09.Solaris.ps.vul A race condition in the Solaris ps command allows an attacker to overwrite critical files. Modifications: ADDREF XF:sol-pstmprace VOTE: ================================= Candidate: CAN-1999-0208 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:rpc-update Reference: CERT:CA-95.17.rpc.ypupdated.vul rpc.ypupdated (NIS) allowed remote users to execute arbitrary commands. Modifications: ADDREF XF:rpc-update VOTE: ================================= Candidate: CAN-1999-0209 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:selsvc Reference: CERT:CA-90.05.sunselection.vulnerability The SunView (SunTools) selection_svc facility allows remote users to read files. Modifications: ADDREF XF:selsvc VOTE: ================================= Candidate: CAN-1999-0267 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:http-port Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability Buffer overflow in NCSA HTTP daemon v1.3 allowed remote command execution. Modifications: ADDREF XF:http-port VOTE: ================================= Candidate: CAN-1999-0277 Published: Final-Decision: Interim-Decision: Modified: 19990621-01 Announced: 19990607 Assigned: 19990607 Category: SF Reference: XF:workman Reference: CERT:CA-96.23.workman_vul The WorkMan program can be used to overwrite any file to get root access. Modifications: ADDREF XF:workman VOTE:
|
||||
