|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] VOTE SUMMARY: all active clusters
All: Since I added the VOTE: line, people have been responding directly to me in emails, instead of to the list. (Any opinions out there on which is preferable?) The vote summary below makes those responses "public." This new VOTE: format allows me to more easily capture people's comments, which are also listed with each candidate. The clusters are ordered according to the scheduled Final Decision date. I will make Andre's extremeley minor (but quite reasonable) description changes in MODIFY-01 when I move those candidates to the Interim Decision phase. Note that the MODIFY-01 and VEN clusters - or at least portions of them - are scheduled for Interim Decision on June 28th. - Steve --------------------- CLUSTER MODIFY-01 --------------------- MODIFY-01 (25 candidates) --> portion of CERT cluster to be modified Proposed: 6/7 Modified: 6/22 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Shostack Frech Northcutt ACCEPT ======================= CAN-1999-0003 ACCEPT(3) NOVOTE(3) CAN-1999-0018 ACCEPT(3) NOVOTE(3) CAN-1999-0035 ACCEPT(3) NOVOTE(3) CAN-1999-0049 ACCEPT(3) NOVOTE(3) CAN-1999-0051 ACCEPT(3) NOVOTE(3) CAN-1999-0078 ACCEPT(3) NOVOTE(3) CAN-1999-0117 ACCEPT(3) NOVOTE(3) CAN-1999-0128 ACCEPT(3) NOVOTE(3) CAN-1999-0130 ACCEPT(3) NOVOTE(3) CAN-1999-0131 ACCEPT(3) NOVOTE(3) CAN-1999-0132 ACCEPT(3) NOVOTE(3) CAN-1999-0135 ACCEPT(3) NOVOTE(3) CAN-1999-0136 ACCEPT(3) NOVOTE(3) CAN-1999-0137 ACCEPT(3) NOVOTE(3) CAN-1999-0155 ACCEPT(3) NOVOTE(3) CAN-1999-0164 ACCEPT(3) NOVOTE(3) CAN-1999-0209 ACCEPT(3) NOVOTE(3) CAN-1999-0277 ACCEPT(3) NOVOTE(3) MODIFY ======================= CAN-1999-0004 ACCEPT(1) MODIFY(1) NOVOTE(4) Frech> Extremely minor, but I believe e-mail is the correct term. (If you reject Frech> this suggestion, I will not be devastated.) :-) CAN-1999-0046 ACCEPT(2) MODIFY(1) NOVOTE(3) Frech> Every sentence is followed by a period (unless you are a criminal, Frech> and then it follows with an appeal.) CAN-1999-0099 ACCEPT(2) MODIFY(1) NOVOTE(3) Shostack> Anything that passes bad data to syslog might be used to proxy this, Shostack> not just mail servers. CAN-1999-0134 ACCEPT(2) MODIFY(1) NOVOTE(3) Frech> Period follows the end of a sentence in the description. CAN-1999-0141 ACCEPT(2) MODIFY(1) NOVOTE(3) Frech> "allows malicious applets..." since this vuln relates to the time Frech> when this vulnerability existed. CAN-1999-0208 ACCEPT(2) MODIFY(1) NOVOTE(3) Frech> "allows remote users..." since this vuln's context pertains to Frech> when the service was vulnerable. CAN-1999-0267 ACCEPT(2) MODIFY(1) NOVOTE(3) Frech> "allows remote..." (keeping it in present tense) --------------------- CLUSTER VEN-AIX --------------------- VEN-AIX (10 candidates) --> candidates with advisories from AIX vendor Proposed: 6/17 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Shostack Frech Northcutt Christey MODIFY ======================= CAN-1999-0072 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:ibm-xdat CAN-1999-0086 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:ibm-routed CAN-1999-0088 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> ERS (and other references, BTW) explicitly stipulate 'local and Frech> remote'. Frech> Reference: XF:irix-autofsd CAN-1999-0089 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:ibm-libDtSvc CAN-1999-0090 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:ibm-rcp CAN-1999-0091 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:ibm-writesrv CAN-1999-0093 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:ibm-nslookup CAN-1999-0094 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:ibm-piodmgrsu CAN-1999-0097 ACCEPT(3) MODIFY(1) NOVOTE(2) Northcutt> Per 97, general issue of mishandling metachars is a lot Northcutt> like my comment about CGI-BINs (not just PHF) [Someone] Northcutt> recently did a content search for about Northcutt> CGI-BIN and /etc/passwd and found about 10 cig programs Northcutt> that someone attempted to exploit... However we resolve the Northcutt> CGI-BIN bit, we ought to consider applying the same logic to Northcutt> candidates like 97. Frech> Reference: XF:ibm-ftp CAN-1999-0100 ACCEPT(3) MODIFY(1) NOVOTE(2) Frech> Reference: XF:inn-controlmsg --------------------- CLUSTER VEN-BSD --------------------- VEN-BSD (13 candidates) --> candidates with advisories from BSD vendors Proposed: 6/17 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Shostack Northcutt Christey ACCEPT ======================= CAN-1999-0367 ACCEPT(3) NOVOTE(3) CAN-1999-0420 ACCEPT(3) NOVOTE(3) CAN-1999-0422 ACCEPT(3) NOVOTE(3) CAN-1999-0446 ACCEPT(3) NOVOTE(3) CAN-1999-0466 ACCEPT(3) NOVOTE(3) CAN-1999-0481 ACCEPT(3) NOVOTE(3) CAN-1999-0482 ACCEPT(3) NOVOTE(3) CAN-1999-0483 ACCEPT(3) NOVOTE(3) CAN-1999-0484 ACCEPT(3) NOVOTE(3) MODIFY ======================= CAN-1999-0052 ACCEPT(1) MODIFY(2) NOVOTE(3) Northcutt> Do we want to treat each instantiation of common attacks Northcutt> separately for each OS? Fragmentation and denial of service is Northcutt> not a freebsd specific issue, over the years we have seen: Northcutt> Northcutt> "Pathological" fragmentation where the second packet move the pointer Northcutt> negative and then we scribble on our stack, this is the teardrop Northcutt> approach if I remember the exploit name correctly and uses UDP. Northcutt> Northcutt> We also have the classic memory wasting frag attack where they Northcutt> send the first part and never finish, then send a new first Northcutt> part and so on. Northcutt> Northcutt> I think frag attack was in the cisco set, if not it should be Northcutt> there is a nice attack for IOS Northcutt> Northcutt> Then you have the how_do_you_handles such as Dug Song's Northcutt> frag router to evade IDS systems and whatever the heck Northcutt> this loki like thing that is all the rage for the last Northcutt> 90 days or so. Northcutt> Northcutt> Recommend: MODIFY 52 so that the text blurb at least hints Northcutt> why this is a unique case of mishandling frags OR create Northcutt> general frag vulnerabilities. Shostack> For denial of service attacks, we should distinguish between Shostack> host availability, service, and CPU absorbtion DOS attacks. CAN-1999-0053 ACCEPT(2) MODIFY(1) NOVOTE(3) Shostack> For denial of service attacks, we should distinguish between Shostack> host availability, service, and CPU absorbtion DOS attacks. CAN-1999-0396 ACCEPT(2) MODIFY(1) NOVOTE(3) Shostack> For denial of service attacks, we should distinguish between Shostack> host availability, service, and CPU absorbtion DOS attacks. CAN-1999-0485 ACCEPT(2) MODIFY(1) NOVOTE(3) Shostack> For denial of service attacks, we should distinguish between Shostack> host availability, service, and CPU absorbtion DOS attacks. --------------------- CLUSTER VEN-HP --------------------- VEN-HP (11 candidates) --> candidates with advisories from HP vendor Proposed: 6/17 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Shostack Northcutt Christey ACCEPT ======================= CAN-1999-0309 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0326 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0353 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0423 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0432 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0436 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0447 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0478 ACCEPT(1) NOOP(2) NOVOTE(3) CAN-1999-0479 ACCEPT(1) NOOP(2) NOVOTE(3) MODIFY ======================= CAN-1999-0057 ACCEPT(1) MODIFY(1) NOOP(1) NOVOTE(3) Shostack> Problem 1: SNI-19 is SNI-19.BSD.lpd.vulnerabilities update according Shostack> to http://geek-girl.com/bugtraq/1997_4/0106.html Shostack> Shostack> Problem 2: Wording is unclear. Is this a vacation problem, a Shostack> .vacation problem, or a sendmail problem? REVIEWING ======================= CAN-1999-0551 ACCEPT(1) NOOP(1) NOVOTE(3) REVIEWING(1) Shostack> Question: Is this run arbitrary commands as root...? --------------------- CLUSTER VEN-ROUTER --------------------- VEN-ROUTER (10 candidates) --> candidates with advisories from router vendors Proposed: 6/17 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Northcutt Christey ACCEPT ======================= CAN-1999-0060 ACCEPT(2) NOVOTE(4) CAN-1999-0157 ACCEPT(2) NOVOTE(4) CAN-1999-0158 ACCEPT(2) NOVOTE(4) CAN-1999-0159 ACCEPT(2) NOVOTE(4) CAN-1999-0160 ACCEPT(2) NOVOTE(4) CAN-1999-0161 ACCEPT(2) NOVOTE(4) CAN-1999-0162 ACCEPT(2) NOVOTE(4) CAN-1999-0293 ACCEPT(2) NOVOTE(4) CAN-1999-0430 ACCEPT(2) NOVOTE(4) CAN-1999-0445 ACCEPT(2) NOVOTE(4) --------------------- CLUSTER VEN-SGI --------------------- VEN-SGI (7 candidates) --> candidates with advisories from SGI vendor Proposed: 6/17 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Shostack Northcutt Christey ACCEPT ======================= CAN-1999-0044 ACCEPT(3) NOVOTE(3) CAN-1999-0215 ACCEPT(3) NOVOTE(3) CAN-1999-0327 ACCEPT(3) NOVOTE(3) CAN-1999-0329 ACCEPT(3) NOVOTE(3) CAN-1999-0413 ACCEPT(3) NOVOTE(3) CAN-1999-0463 ACCEPT(3) NOVOTE(3) MODIFY ======================= CAN-1999-0328 ACCEPT(2) MODIFY(1) NOVOTE(3) Shostack> include a path to /usr/bin/permissions to clarify that it is a Shostack> program. --------------------- CLUSTER VEN-SUN --------------------- VEN-SUN (18 candidates) --> candidates with advisories from SUN vendor Proposed: 6/17 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Northcutt Christey ACCEPT ======================= CAN-1999-0054 ACCEPT(2) NOVOTE(4) CAN-1999-0055 ACCEPT(2) NOVOTE(4) CAN-1999-0056 ACCEPT(2) NOVOTE(4) CAN-1999-0065 ACCEPT(2) NOVOTE(4) CAN-1999-0069 ACCEPT(2) NOVOTE(4) CAN-1999-0121 ACCEPT(2) NOVOTE(4) CAN-1999-0185 ACCEPT(2) NOVOTE(4) CAN-1999-0188 ACCEPT(2) NOVOTE(4) CAN-1999-0190 ACCEPT(2) NOVOTE(4) CAN-1999-0263 ACCEPT(2) NOVOTE(4) CAN-1999-0296 ACCEPT(2) NOVOTE(4) CAN-1999-0300 ACCEPT(2) NOVOTE(4) CAN-1999-0301 ACCEPT(2) NOVOTE(4) CAN-1999-0302 ACCEPT(2) NOVOTE(4) CAN-1999-0320 ACCEPT(2) NOVOTE(4) CAN-1999-0369 ACCEPT(2) NOVOTE(4) CAN-1999-0370 ACCEPT(2) NOVOTE(4) MODIFY ======================= CAN-1999-0212 ACCEPT(1) MODIFY(1) NOVOTE(4) Northcutt> I am concerned that Linux is becoming too Northcutt> non descript a word, in the past two weeks I have run Northcutt> across 3 Linuxes I had never heard of before. I think we need Northcutt> to start being specific when we mention Linux either by Northcutt> the kernal or vendor or something. --------------------- CLUSTER VEN-others --------------------- VEN-others (2 candidates) --> candidates with advisories from other vendors Proposed: 6/17 Scheduled Interim Decision: 6/28 Scheduled Final Decision: 7/2 Least controversial candidates are listed first. Voters: Shostack Northcutt Christey ACCEPT ======================= CAN-1999-0358 ACCEPT(3) NOVOTE(3) CAN-1999-0433 ACCEPT(3) NOVOTE(3) --------------------- CLUSTER MULT --------------------- MULT (35 candidates) --> Multiple executables split into Proposed: 6/23 Scheduled Interim Decision: 7/5 Scheduled Final Decision: 7/9 Least controversial candidates are listed first. Voters: --------------------- CLUSTER CGI --------------------- CGI (31 candidates) --> CGI programs Proposed: 6/23 Scheduled Interim Decision: 7/5 Scheduled Final Decision: 7/9 Least controversial candidates are listed first. Voters: Northcutt ACCEPT ======================= CAN-1999-0066 ACCEPT(1) NOVOTE(5) CAN-1999-0070 ACCEPT(1) NOVOTE(5) CAN-1999-0146 ACCEPT(1) NOVOTE(5) CAN-1999-0147 ACCEPT(1) NOVOTE(5) CAN-1999-0148 ACCEPT(1) NOVOTE(5) CAN-1999-0149 ACCEPT(1) NOVOTE(5) CAN-1999-0172 ACCEPT(1) NOVOTE(5) CAN-1999-0173 ACCEPT(1) NOVOTE(5) CAN-1999-0174 ACCEPT(1) NOVOTE(5) CAN-1999-0176 ACCEPT(1) NOVOTE(5) CAN-1999-0177 ACCEPT(1) NOVOTE(5) CAN-1999-0178 ACCEPT(1) NOVOTE(5) CAN-1999-0191 ACCEPT(1) NOVOTE(5) CAN-1999-0196 ACCEPT(1) NOVOTE(5) CAN-1999-0233 ACCEPT(1) NOVOTE(5) CAN-1999-0236 ACCEPT(1) NOVOTE(5) CAN-1999-0237 ACCEPT(1) NOVOTE(5) CAN-1999-0238 ACCEPT(1) NOVOTE(5) CAN-1999-0253 ACCEPT(1) NOVOTE(5) CAN-1999-0262 ACCEPT(1) NOVOTE(5) CAN-1999-0264 ACCEPT(1) NOVOTE(5) CAN-1999-0268 ACCEPT(1) NOVOTE(5) CAN-1999-0269 ACCEPT(1) NOVOTE(5) CAN-1999-0270 ACCEPT(1) NOVOTE(5) CAN-1999-0271 ACCEPT(1) NOVOTE(5) CAN-1999-0278 ACCEPT(1) NOVOTE(5) CAN-1999-0279 ACCEPT(1) NOVOTE(5) CAN-1999-0283 ACCEPT(1) NOVOTE(5) CAN-1999-0347 ACCEPT(1) NOVOTE(5) CAN-1999-0348 ACCEPT(1) NOVOTE(5) CAN-1999-0360 ACCEPT(1) NOVOTE(5) --------------------- CLUSTER BUF --------------------- BUF (33 candidates) --> Some (not all) buffer overflows in single applications Proposed: 6/23 Scheduled Interim Decision: 7/5 Scheduled Final Decision: 7/9 Least controversial candidates are listed first. Voters: Northcutt ACCEPT ======================= CAN-1999-0047 ACCEPT(1) NOVOTE(5) CAN-1999-0058 ACCEPT(1) NOVOTE(5) CAN-1999-0064 ACCEPT(1) NOVOTE(5) CAN-1999-0071 ACCEPT(1) NOVOTE(5) CAN-1999-0085 ACCEPT(1) NOVOTE(5) CAN-1999-0102 ACCEPT(1) NOVOTE(5) CAN-1999-0108 ACCEPT(1) NOVOTE(5) CAN-1999-0109 ACCEPT(1) NOVOTE(5) CAN-1999-0112 ACCEPT(1) NOVOTE(5) CAN-1999-0122 ACCEPT(1) NOVOTE(5) CAN-1999-0139 ACCEPT(1) NOVOTE(5) CAN-1999-0182 ACCEPT(1) NOVOTE(5) CAN-1999-0187 ACCEPT(1) NOVOTE(5) CAN-1999-0192 ACCEPT(1) NOVOTE(5) CAN-1999-0206 ACCEPT(1) NOVOTE(5) CAN-1999-0219 ACCEPT(1) NOVOTE(5) CAN-1999-0230 ACCEPT(1) NOVOTE(5) CAN-1999-0232 ACCEPT(1) NOVOTE(5) CAN-1999-0235 ACCEPT(1) NOVOTE(5) CAN-1999-0244 ACCEPT(1) NOVOTE(5) CAN-1999-0255 ACCEPT(1) NOVOTE(5) CAN-1999-0256 ACCEPT(1) NOVOTE(5) CAN-1999-0276 ACCEPT(1) NOVOTE(5) CAN-1999-0297 ACCEPT(1) NOVOTE(5) CAN-1999-0315 ACCEPT(1) NOVOTE(5) CAN-1999-0317 ACCEPT(1) NOVOTE(5) CAN-1999-0318 ACCEPT(1) NOVOTE(5) CAN-1999-0319 ACCEPT(1) NOVOTE(5) CAN-1999-0339 ACCEPT(1) NOVOTE(5) CAN-1999-0373 ACCEPT(1) NOVOTE(5) CAN-1999-0375 ACCEPT(1) NOVOTE(5) CAN-1999-0405 ACCEPT(1) NOVOTE(5)
|
||||
