
PROPOSAL: Cluster 09 - MULT (34 candidates)




All:

The following cluster, MULT, is actually a medium-controversy cluster.
This cluster includes candidates with multiple executables split into
multiple vulnerabilities, but some might want to roll them up; *or*,
multiple programs with the same function; *or*, the same application
but on multiple operating systems.

I am proposing this earlier than some other low-controversy clusters
for several reasons:
  - it's related to Adam Shostack's question on the same vulnerability
    showing up in different applications
  - there may be some benefit to discussing some CVE content issues
    earlier in the process, rather than later (Dave, Bill Hill, and I
    have had some internal debate on this, and agreed to try this
    "experiment")
  - this will help to gauge how much controversy to expect in later
    clusters

- Steve


Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0009
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-bo
Reference: SUN:00180

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases

VOTE: 

=================================
Candidate: CAN-1999-0010
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-dos

Denial of Service vulnerability in BIND 8 Releases via maliciously
formatted DNS messages

VOTE: 

=================================
Candidate: CAN-1999-0011
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-dos
Reference: SUN:00180

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases
via CNAME record and zone transfer

VOTE: 

=================================
Candidate: CAN-1999-0016
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FreeBSD:FreeBSD-SA-98:01
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-exploit
Reference: XF:land-patch
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml

Land IP denial of service

VOTE: 

=================================
Candidate: CAN-1999-0025
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul 
Reference: XF:df-bo

root privileges via buffer overflow in df command on SGI IRIX systems

VOTE: 

=================================
Candidate: CAN-1999-0026
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul 
Reference: XF:pset-bo

root privileges via buffer overflow in pset command on SGI IRIX systems

VOTE: 

=================================
Candidate: CAN-1999-0027
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul 
Reference: XF:eject-bo

root privileges via buffer overflow in eject command on SGI IRIX systems

VOTE: 

=================================
Candidate: CAN-1999-0028
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul 

root privileges via buffer overflow in login/scheme command on SGI IRIX systems

VOTE: 

=================================
Candidate: CAN-1999-0029
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

root privileges via buffer overflow in ordist command on SGI IRIX systems

VOTE: 

=================================
Candidate: CAN-1999-0030
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.24.IRIX.xlock.buffer.overflow.vul
Reference: XF:sgi-xlockbo
Reference: SGI:19970508-02-PX

root privileges via buffer overflow in xlock command on SGI IRIX systems

VOTE: 

=================================
Candidate: CAN-1999-0068
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-php-mylog

CGI PHP mylog script allows an attacker to read any file on the
target server.

VOTE: 

=================================
Candidate: CAN-1999-0075
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:pasvcore

PASV core dump in FTP daemon

VOTE: 

=================================
Candidate: CAN-1999-0076
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:ftp-args

Core dump from FTP arguments

VOTE: 

=================================
Candidate: CAN-1999-0092
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:006.1

Various vulnerabilities in the AIX portmir command allow
local users to obtain root access.

VOTE: 

=================================
Candidate: CAN-1999-0101
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: SUN:00137
Reference: NAI:NAI-1

Buffer overflow in AIX and SunOS "gethostbyname" library call allows
root access through corrupt DNS host names.

VOTE: 

=================================
Candidate: CAN-1999-0124
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Reference: XF:gopher-vuln

Vulnerabilities in UMN gopher and gopher+ allow an intruder to read
any files that can be accessed by the gopher daemon.

VOTE: 

=================================
Candidate: CAN-1999-0126
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010

SGI IRIX buffer overflow in xterm and Xaw allows root access.

VOTE: 

=================================
Candidate: CAN-1999-0127
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-96.27.hp_sw_install
Reference: AUSCERT:AA-96.04
Reference: XF:hpux-swinstall

swinstall and swmodify commands in SD-UX package in HP-UX systems
allow local users to create or overwrite arbitrary files to gain root
access.

VOTE: 

=================================
Candidate: CAN-1999-0138
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-96.12.suidperl_vul

The suidperl and sperl programs do not give up root privileges when
changing UIDs back to the original users, allowing root access.

VOTE: 

=================================
Candidate: CAN-1999-0231
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6
packages using a long VRFY command, causing a denial of service and
possibly remote access.

VOTE: 

=================================
Candidate: CAN-1999-0261
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

Netmanager Chameleon SMTPd has several buffer overflows that cause a crash.

VOTE: 

=================================
Candidate: CAN-1999-0282
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.12.sun.loadmodule.vul

Vulnerabilities in loadmodule and modload programs in SunOS and OpenWindows

VOTE: 

=================================
Candidate: CAN-1999-0284
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:smtp-helo-bo

Denial of service to NT mail servers including Ipswitch, Mdaemon, and
Exchange through a buffer overflow in the SMTP HELO command.

VOTE: 

=================================
Candidate: CAN-1999-0333
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: RSI:RSI.0009.09-08-98.HP-UX.OMNIBACK
Reference: XF:omniback-remote

Omniback allows remote execution of commands as root via spoofing, and
local users can gain root access via a symlink attack.

VOTE: 

=================================
Candidate: CAN-1999-0346
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

CGI PHP mlog script allows an attacker to read any file on the target
server.

VOTE: 

=================================
Candidate: CAN-1999-0354
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:Jan27,1999
Reference: MS:MS99-002

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution
of Visual Basic programs to the IE client through the Word 97
template, which doesn't warn the user that the template contains
executable content.  Also applies to Outlook when the client views a
malicious email message.

VOTE: 

=================================
Candidate: CAN-1999-0368
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-99.03
Reference: NETECT:palmetto.ftpd

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to
remote root access, a.k.a. palmetto.

VOTE: 

=================================
Candidate: CAN-1999-0415
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers

The Clickstart web server in Cisco 700 series routers allows remote
attackers to execute commands on the router, or perform information
gathering, without authentication.

VOTE: 

=================================
Candidate: CAN-1999-0416
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers

The Clickstart web server in Cisco 700 series routers allows remote
attackers to perform a denial of service.

VOTE: 

=================================
Candidate: CAN-1999-0435
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9903-096

MC/ServiceGuard and MC/LockManager in HP-UX allow local users to gain
privileges through SAM.

VOTE: 

=================================
Candidate: CAN-1999-0467
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-webcom-guestbook

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a
remote attacker to read arbitrary files using the template key.

VOTE: 

=================================
Candidate: CAN-1999-0488
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS99-012

MSHTML.DLL in Internet Explorer allows a remote attacker to execute
security scripts in a different security context, using malicious
URLs.

VOTE: 

=================================
Candidate: CAN-1999-0489
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS99-012

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to read
the contents of a user's clipboard, aka untrusted scripted paste.

VOTE: 

=================================
Candidate: CAN-1999-0490
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS99-012

MSHTML.DLL in Internet Explorer allows a remote attacker to learn
information about a local user's files.

VOTE: 

Page Last Updated or Reviewed: May 22, 2007