PROPOSAL: Cluster 11 - BUF (32 candidates)
The following cluster is a Low controversy cluster of vulnerabilities for buffer overflows that occur in a single application.

- Steve

Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

=================================
Candidate: CAN-1999-0047
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.05.sendmail

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

VOTE:

=================================
Candidate: CAN-1999-0058
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-12
Reference: XF:http-phpbo
Reference: XF:http-cgi-phpbo

Buffer overflow in PHP cgi program, php.cgi allows shell access.

VOTE:

=================================
Candidate: CAN-1999-0064
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:lquerylv-bo

Buffer overflow in AIX lquerylv program gives root access to local users.

VOTE:

=================================
Candidate: CAN-1999-0071
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

VOTE:

=================================
Candidate: CAN-1999-0085
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:rwhod
Reference: XF:rwhod-vuln

rwhod buffer overflow in AIX

VOTE:

=================================
Candidate: CAN-1999-0102
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:slmail-fromheader-overflow

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.

VOTE:

=================================
Candidate: CAN-1999-0108
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

The printers program in IRIX has a buffer overflow that gives root access to local users.

VOTE:

=================================
Candidate: CAN-1999-0109
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in ffbconfig in Solaris 2.5.1

VOTE:

=================================
Candidate: CAN-1999-0112
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in AIX dtterm program for the CDE

VOTE:

=================================
Candidate: CAN-1999-0122
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in AIX lchangelv gives root access.

VOTE:

=================================
Candidate: CAN-1999-0139
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

VOTE:

=================================
Candidate: CAN-1999-0182
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CIAC:H-110
Reference: XF:nt-samba-bo

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

VOTE:

=================================
Candidate: CAN-1999-0187
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: SUN:00179

The rdist program in Solaris has some buffer overflows that allow attackers to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0192
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0206
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

VOTE:

=================================
Candidate: CAN-1999-0219
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:ftp-servu

Buffer overflow in Serv-U FTP server when user performs a cwd to a directory with a long name.

VOTE:

=================================
Candidate: CAN-1999-0230
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in Cisco 760 routers through the telnet service.

VOTE:

=================================
Candidate: CAN-1999-0232
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.

VOTE:

=================================
Candidate: CAN-1999-0235
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.

VOTE:

=================================
Candidate: CAN-1999-0244
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-23

Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.

VOTE:

=================================
Candidate: CAN-1999-0255
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in ircd allows arbitrary command execution.

VOTE:

=================================
Candidate: CAN-1999-0256
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:war-ftpd

Buffer overflow in War FTP allows remote execution of commands.

VOTE:

=================================
Candidate: CAN-1999-0276
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

VOTE:

=================================
Candidate: CAN-1999-0297
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-3

Buffer overflow in Vixie Cron 2.1 allows local users to obtain root access.

VOTE:

=================================
Candidate: CAN-1999-0315
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:fdformat-bo

Buffer overflow in Solaris fdformat command gives root access to local users.

VOTE:

=================================
Candidate: CAN-1999-0317
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:su-bo

Buffer overflow in Linux su command gives root access to local users.

VOTE:

=================================
Candidate: CAN-1999-0318
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:xmcd-envbo

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0319
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:xmcd-tiflestr

Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting.

VOTE:

=================================
Candidate: CAN-1999-0339
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sol-sun-libauth

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

VOTE:

=================================
Candidate: CAN-1999-0373
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:Buffer Overflow in "Super" package in Debian Linux

Buffer overflow in the "Super" utility in Debian Linux and other operating systems allows local users to execute commands as root.

VOTE:

=================================
Candidate: CAN-1999-0375
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:February 16, 1999
Reference: BUGTRAQ:Feb16,1999

Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.

VOTE:

=================================
Candidate: CAN-1999-0405
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: HERT:002
Reference: BUGTRAQ:Feb18,1999

A buffer overflow in lsof allows local users to obtain root privilege.

VOTE: