[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VOTE SUMMARY: all active clusters


All:

Since I added the VOTE: line, people have been responding directly to
me in emails, instead of to the list.  (Any opinions out there on
which is preferable?)  The vote summary below makes those responses
"public."  This new VOTE: format allows me to more easily capture
people's comments, which are also listed with each candidate.

The clusters are ordered according to the scheduled Final Decision
date.

I will make Andre's extremeley minor (but quite reasonable)
description changes in MODIFY-01 when I move those candidates to the
Interim Decision phase.

Note that the MODIFY-01 and VEN clusters - or at least portions of
them - are scheduled for Interim Decision on June 28th.

- Steve



--------------------- CLUSTER MODIFY-01 ---------------------

MODIFY-01 (25 candidates) --> portion of CERT cluster to be modified
Proposed: 6/7
Modified: 6/22
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Shostack
  Frech
  Northcutt


ACCEPT
=======================

CAN-1999-0003  ACCEPT(3) NOVOTE(3)
CAN-1999-0018  ACCEPT(3) NOVOTE(3)
CAN-1999-0035  ACCEPT(3) NOVOTE(3)
CAN-1999-0049  ACCEPT(3) NOVOTE(3)
CAN-1999-0051  ACCEPT(3) NOVOTE(3)
CAN-1999-0078  ACCEPT(3) NOVOTE(3)
CAN-1999-0117  ACCEPT(3) NOVOTE(3)
CAN-1999-0128  ACCEPT(3) NOVOTE(3)
CAN-1999-0130  ACCEPT(3) NOVOTE(3)
CAN-1999-0131  ACCEPT(3) NOVOTE(3)
CAN-1999-0132  ACCEPT(3) NOVOTE(3)
CAN-1999-0135  ACCEPT(3) NOVOTE(3)
CAN-1999-0136  ACCEPT(3) NOVOTE(3)
CAN-1999-0137  ACCEPT(3) NOVOTE(3)
CAN-1999-0155  ACCEPT(3) NOVOTE(3)
CAN-1999-0164  ACCEPT(3) NOVOTE(3)
CAN-1999-0209  ACCEPT(3) NOVOTE(3)
CAN-1999-0277  ACCEPT(3) NOVOTE(3)


MODIFY
=======================

CAN-1999-0004  ACCEPT(1) MODIFY(1) NOVOTE(4)
 Frech> Extremely minor, but I believe e-mail is the correct term. (If you reject
 Frech> this suggestion, I will not be devastated.) :-)

CAN-1999-0046  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Frech> Every sentence is followed by a period (unless you are a criminal,
 Frech> and then it follows with an appeal.)

CAN-1999-0099  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Shostack> Anything that passes bad data to syslog might be used to proxy this,
 Shostack> not just mail servers.

CAN-1999-0134  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Frech> Period follows the end of a sentence in the description.

CAN-1999-0141  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Frech> "allows malicious applets..." since this vuln relates to the time
 Frech> when this vulnerability existed.

CAN-1999-0208  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Frech> "allows remote users..." since this vuln's context pertains to
 Frech> when the service was vulnerable.

CAN-1999-0267  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Frech> "allows remote..." (keeping it in present tense)






--------------------- CLUSTER VEN-AIX ---------------------

VEN-AIX (10 candidates) --> candidates with advisories from AIX vendor
Proposed: 6/17
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Shostack
  Frech
  Northcutt
  Christey


MODIFY
=======================

CAN-1999-0072  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:ibm-xdat

CAN-1999-0086  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:ibm-routed

CAN-1999-0088  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> ERS (and other references, BTW) explicitly stipulate 'local and
 Frech> remote'.
 Frech> Reference: XF:irix-autofsd

CAN-1999-0089  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:ibm-libDtSvc

CAN-1999-0090  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:ibm-rcp

CAN-1999-0091  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:ibm-writesrv

CAN-1999-0093  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:ibm-nslookup

CAN-1999-0094  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:ibm-piodmgrsu

CAN-1999-0097  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Northcutt> Per 97, general issue of mishandling metachars is a lot
 Northcutt> like my comment about CGI-BINs (not just PHF) [Someone]
 Northcutt> recently did a content search for about 
 Northcutt> CGI-BIN and /etc/passwd and found about 10 cig programs
 Northcutt> that someone attempted to exploit...  However we resolve the
 Northcutt> CGI-BIN bit, we ought to consider applying the same logic to
 Northcutt> candidates like 97.
 Frech> Reference: XF:ibm-ftp

CAN-1999-0100  ACCEPT(3) MODIFY(1) NOVOTE(2)
 Frech> Reference: XF:inn-controlmsg






--------------------- CLUSTER VEN-BSD ---------------------

VEN-BSD (13 candidates) --> candidates with advisories from BSD vendors
Proposed: 6/17
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Shostack
  Northcutt
  Christey


ACCEPT
=======================

CAN-1999-0367  ACCEPT(3) NOVOTE(3)
CAN-1999-0420  ACCEPT(3) NOVOTE(3)
CAN-1999-0422  ACCEPT(3) NOVOTE(3)
CAN-1999-0446  ACCEPT(3) NOVOTE(3)
CAN-1999-0466  ACCEPT(3) NOVOTE(3)
CAN-1999-0481  ACCEPT(3) NOVOTE(3)
CAN-1999-0482  ACCEPT(3) NOVOTE(3)
CAN-1999-0483  ACCEPT(3) NOVOTE(3)
CAN-1999-0484  ACCEPT(3) NOVOTE(3)


MODIFY
=======================

CAN-1999-0052  ACCEPT(1) MODIFY(2) NOVOTE(3)
 Northcutt> Do we want to treat each instantiation of common attacks
 Northcutt> separately for each OS?  Fragmentation and denial of service is 
 Northcutt> not a freebsd specific issue, over the years we have seen:
 Northcutt> 
 Northcutt> "Pathological" fragmentation where the second packet move the pointer
 Northcutt> negative and then we scribble on our stack, this is the teardrop
 Northcutt> approach if I remember the exploit name correctly and uses UDP.
 Northcutt> 
 Northcutt> We also have the classic memory wasting frag attack where they
 Northcutt> send the first part and never finish, then send a new first
 Northcutt> part and so on.
 Northcutt> 
 Northcutt> I think frag attack was in the cisco set, if not it should be
 Northcutt> there is a nice attack for IOS
 Northcutt> 
 Northcutt> Then you have the how_do_you_handles such as Dug Song's
 Northcutt> frag router to evade IDS systems and whatever the heck
 Northcutt> this loki like thing that is all the rage for the last
 Northcutt> 90 days or so.
 Northcutt> 
 Northcutt> Recommend: MODIFY 52 so that the text blurb at least hints
 Northcutt> why this is a unique case of mishandling frags OR create
 Northcutt> general frag vulnerabilities.
 Shostack> For denial of service attacks, we should distinguish between
 Shostack> host availability, service, and CPU absorbtion DOS attacks.  

CAN-1999-0053  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Shostack> For denial of service attacks, we should distinguish between
 Shostack> host availability, service, and CPU absorbtion DOS attacks.  

CAN-1999-0396  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Shostack> For denial of service attacks, we should distinguish between
 Shostack> host availability, service, and CPU absorbtion DOS attacks.  

CAN-1999-0485  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Shostack> For denial of service attacks, we should distinguish between
 Shostack> host availability, service, and CPU absorbtion DOS attacks.  






--------------------- CLUSTER VEN-HP ---------------------

VEN-HP (11 candidates) --> candidates with advisories from HP vendor
Proposed: 6/17
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Shostack
  Northcutt
  Christey


ACCEPT
=======================

CAN-1999-0309  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0326  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0353  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0423  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0432  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0436  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0447  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0478  ACCEPT(1) NOOP(2) NOVOTE(3)
CAN-1999-0479  ACCEPT(1) NOOP(2) NOVOTE(3)


MODIFY
=======================

CAN-1999-0057  ACCEPT(1) MODIFY(1) NOOP(1) NOVOTE(3)
 Shostack> Problem 1: SNI-19 is SNI-19.BSD.lpd.vulnerabilities update according
 Shostack> to http://geek-girl.com/bugtraq/1997_4/0106.html
 Shostack> 
 Shostack> Problem 2: Wording is unclear.  Is this a vacation problem, a
 Shostack> .vacation problem, or a sendmail problem?



REVIEWING
=======================

CAN-1999-0551  ACCEPT(1) NOOP(1) NOVOTE(3) REVIEWING(1)
 Shostack> Question: Is this run arbitrary commands as root...?






--------------------- CLUSTER VEN-ROUTER ---------------------

VEN-ROUTER (10 candidates) --> candidates with advisories from router vendors
Proposed: 6/17
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Northcutt
  Christey


ACCEPT
=======================

CAN-1999-0060  ACCEPT(2) NOVOTE(4)
CAN-1999-0157  ACCEPT(2) NOVOTE(4)
CAN-1999-0158  ACCEPT(2) NOVOTE(4)
CAN-1999-0159  ACCEPT(2) NOVOTE(4)
CAN-1999-0160  ACCEPT(2) NOVOTE(4)
CAN-1999-0161  ACCEPT(2) NOVOTE(4)
CAN-1999-0162  ACCEPT(2) NOVOTE(4)
CAN-1999-0293  ACCEPT(2) NOVOTE(4)
CAN-1999-0430  ACCEPT(2) NOVOTE(4)
CAN-1999-0445  ACCEPT(2) NOVOTE(4)





--------------------- CLUSTER VEN-SGI ---------------------

VEN-SGI (7 candidates) --> candidates with advisories from SGI vendor
Proposed: 6/17
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Shostack
  Northcutt
  Christey


ACCEPT
=======================

CAN-1999-0044  ACCEPT(3) NOVOTE(3)
CAN-1999-0215  ACCEPT(3) NOVOTE(3)
CAN-1999-0327  ACCEPT(3) NOVOTE(3)
CAN-1999-0329  ACCEPT(3) NOVOTE(3)
CAN-1999-0413  ACCEPT(3) NOVOTE(3)
CAN-1999-0463  ACCEPT(3) NOVOTE(3)


MODIFY
=======================

CAN-1999-0328  ACCEPT(2) MODIFY(1) NOVOTE(3)
 Shostack> include a path to /usr/bin/permissions to clarify that it is a
 Shostack> program.






--------------------- CLUSTER VEN-SUN ---------------------

VEN-SUN (18 candidates) --> candidates with advisories from SUN vendor
Proposed: 6/17
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Northcutt
  Christey


ACCEPT
=======================

CAN-1999-0054  ACCEPT(2) NOVOTE(4)
CAN-1999-0055  ACCEPT(2) NOVOTE(4)
CAN-1999-0056  ACCEPT(2) NOVOTE(4)
CAN-1999-0065  ACCEPT(2) NOVOTE(4)
CAN-1999-0069  ACCEPT(2) NOVOTE(4)
CAN-1999-0121  ACCEPT(2) NOVOTE(4)
CAN-1999-0185  ACCEPT(2) NOVOTE(4)
CAN-1999-0188  ACCEPT(2) NOVOTE(4)
CAN-1999-0190  ACCEPT(2) NOVOTE(4)
CAN-1999-0263  ACCEPT(2) NOVOTE(4)
CAN-1999-0296  ACCEPT(2) NOVOTE(4)
CAN-1999-0300  ACCEPT(2) NOVOTE(4)
CAN-1999-0301  ACCEPT(2) NOVOTE(4)
CAN-1999-0302  ACCEPT(2) NOVOTE(4)
CAN-1999-0320  ACCEPT(2) NOVOTE(4)
CAN-1999-0369  ACCEPT(2) NOVOTE(4)
CAN-1999-0370  ACCEPT(2) NOVOTE(4)


MODIFY
=======================

CAN-1999-0212  ACCEPT(1) MODIFY(1) NOVOTE(4)
 Northcutt> I am concerned that Linux is becoming too
 Northcutt> non descript a word, in the past two weeks I have run
 Northcutt> across 3 Linuxes I had never heard of before.  I think we need
 Northcutt> to start being specific when we mention Linux either by
 Northcutt> the kernal or vendor or something.






--------------------- CLUSTER VEN-others ---------------------

VEN-others (2 candidates) --> candidates with advisories from other vendors
Proposed: 6/17
Scheduled Interim Decision: 6/28
Scheduled Final Decision: 7/2


Least controversial candidates are listed first.

Voters:
  Shostack
  Northcutt
  Christey


ACCEPT
=======================

CAN-1999-0358  ACCEPT(3) NOVOTE(3)
CAN-1999-0433  ACCEPT(3) NOVOTE(3)





--------------------- CLUSTER MULT ---------------------

MULT (35 candidates) --> Multiple executables split into
Proposed: 6/23
Scheduled Interim Decision: 7/5
Scheduled Final Decision: 7/9


Least controversial candidates are listed first.

Voters:





--------------------- CLUSTER CGI ---------------------

CGI (31 candidates) --> CGI programs
Proposed: 6/23
Scheduled Interim Decision: 7/5
Scheduled Final Decision: 7/9


Least controversial candidates are listed first.

Voters:
  Northcutt


ACCEPT
=======================

CAN-1999-0066  ACCEPT(1) NOVOTE(5)
CAN-1999-0070  ACCEPT(1) NOVOTE(5)
CAN-1999-0146  ACCEPT(1) NOVOTE(5)
CAN-1999-0147  ACCEPT(1) NOVOTE(5)
CAN-1999-0148  ACCEPT(1) NOVOTE(5)
CAN-1999-0149  ACCEPT(1) NOVOTE(5)
CAN-1999-0172  ACCEPT(1) NOVOTE(5)
CAN-1999-0173  ACCEPT(1) NOVOTE(5)
CAN-1999-0174  ACCEPT(1) NOVOTE(5)
CAN-1999-0176  ACCEPT(1) NOVOTE(5)
CAN-1999-0177  ACCEPT(1) NOVOTE(5)
CAN-1999-0178  ACCEPT(1) NOVOTE(5)
CAN-1999-0191  ACCEPT(1) NOVOTE(5)
CAN-1999-0196  ACCEPT(1) NOVOTE(5)
CAN-1999-0233  ACCEPT(1) NOVOTE(5)
CAN-1999-0236  ACCEPT(1) NOVOTE(5)
CAN-1999-0237  ACCEPT(1) NOVOTE(5)
CAN-1999-0238  ACCEPT(1) NOVOTE(5)
CAN-1999-0253  ACCEPT(1) NOVOTE(5)
CAN-1999-0262  ACCEPT(1) NOVOTE(5)
CAN-1999-0264  ACCEPT(1) NOVOTE(5)
CAN-1999-0268  ACCEPT(1) NOVOTE(5)
CAN-1999-0269  ACCEPT(1) NOVOTE(5)
CAN-1999-0270  ACCEPT(1) NOVOTE(5)
CAN-1999-0271  ACCEPT(1) NOVOTE(5)
CAN-1999-0278  ACCEPT(1) NOVOTE(5)
CAN-1999-0279  ACCEPT(1) NOVOTE(5)
CAN-1999-0283  ACCEPT(1) NOVOTE(5)
CAN-1999-0347  ACCEPT(1) NOVOTE(5)
CAN-1999-0348  ACCEPT(1) NOVOTE(5)
CAN-1999-0360  ACCEPT(1) NOVOTE(5)





--------------------- CLUSTER BUF ---------------------

BUF (33 candidates) --> Some (not all) buffer overflows in single applications
Proposed: 6/23
Scheduled Interim Decision: 7/5
Scheduled Final Decision: 7/9


Least controversial candidates are listed first.

Voters:
  Northcutt


ACCEPT
=======================

CAN-1999-0047  ACCEPT(1) NOVOTE(5)
CAN-1999-0058  ACCEPT(1) NOVOTE(5)
CAN-1999-0064  ACCEPT(1) NOVOTE(5)
CAN-1999-0071  ACCEPT(1) NOVOTE(5)
CAN-1999-0085  ACCEPT(1) NOVOTE(5)
CAN-1999-0102  ACCEPT(1) NOVOTE(5)
CAN-1999-0108  ACCEPT(1) NOVOTE(5)
CAN-1999-0109  ACCEPT(1) NOVOTE(5)
CAN-1999-0112  ACCEPT(1) NOVOTE(5)
CAN-1999-0122  ACCEPT(1) NOVOTE(5)
CAN-1999-0139  ACCEPT(1) NOVOTE(5)
CAN-1999-0182  ACCEPT(1) NOVOTE(5)
CAN-1999-0187  ACCEPT(1) NOVOTE(5)
CAN-1999-0192  ACCEPT(1) NOVOTE(5)
CAN-1999-0206  ACCEPT(1) NOVOTE(5)
CAN-1999-0219  ACCEPT(1) NOVOTE(5)
CAN-1999-0230  ACCEPT(1) NOVOTE(5)
CAN-1999-0232  ACCEPT(1) NOVOTE(5)
CAN-1999-0235  ACCEPT(1) NOVOTE(5)
CAN-1999-0244  ACCEPT(1) NOVOTE(5)
CAN-1999-0255  ACCEPT(1) NOVOTE(5)
CAN-1999-0256  ACCEPT(1) NOVOTE(5)
CAN-1999-0276  ACCEPT(1) NOVOTE(5)
CAN-1999-0297  ACCEPT(1) NOVOTE(5)
CAN-1999-0315  ACCEPT(1) NOVOTE(5)
CAN-1999-0317  ACCEPT(1) NOVOTE(5)
CAN-1999-0318  ACCEPT(1) NOVOTE(5)
CAN-1999-0319  ACCEPT(1) NOVOTE(5)
CAN-1999-0339  ACCEPT(1) NOVOTE(5)
CAN-1999-0373  ACCEPT(1) NOVOTE(5)
CAN-1999-0375  ACCEPT(1) NOVOTE(5)
CAN-1999-0405  ACCEPT(1) NOVOTE(5)
Page Last Updated or Reviewed: May 22, 2007