FW: Cluster 03: VEN-SUN
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry about the previous unfinished message....fumble-fingers on my part

- -mike

- - ------------------------------------------
Candidate: CAN-1999-0054
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00171

Sun's ftpd daemon is subject to a denial of service

Accept

- - ------------------------------------------
Candidate: CAN-1999-0055
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00172
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl

Buffer overflows in Sun libnsl allow root access.

Modify: This vulnerability also affects other OSes, i.e. AIX 4.3 that have ported versions of Sun's libnsl.a ref: IBM AIX RS6000 APAR number IX80543

- - ------------------------------------------
Candidate: CAN-1999-0056
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00174
Reference: XF:sun-ping

Buffer overflow in Sun's ping program can give root access to local users.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0065
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00181
Reference: XF:hp-dtmail

Bug in how dtmail handles attachments allows remote attacker to execute commands with the same privileges as the user who is reading the message.

Modify: This is a multiple buffer overflow vulnerability in Sun's CDE in how dtmail handles attachments.

- - ------------------------------------------
Candidate: CAN-1999-0069
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00169

Solaris ufsrestore buffer overflow.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0121
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00164
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in dtaction command gives root access.

Modify: Buffer overflow also affects /usr/dt/bin/dtaction in libDtSvc.a library in AIX 4.x, but reference for this Sun vulnerability should only reflect the Sun Bulletin or the CIAC I-032 version of the Sun Bulletin

- - ------------------------------------------
Candidate: CAN-1999-0185
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00156

In Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0188
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00182
Reference: XF:sun-passwd-dos

The passwd command in Solaris could be subjected to a denial of service.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0190
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00167

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

Modify: The way rpcbind handles indirect calls is vulnerable in this advisory. As there are lots of rpcbind problems, maybe should be more specific?

- - ------------------------------------------
Candidate: CAN-1999-0212
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00168

rpc.mountd in Linux and Solaris would generate error messages that allowed an attacker to determine what files were on the server.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0263
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00173
Reference: XF:sun-sunwadmap

Solaris SUNWadmap can be exploited to obtain root access.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0296
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00162
Reference: XF:sun-volrmmount

Solaris volrmmount program allows attackers to read any file.

accept

- - ------------------------------------------
Candidate: CAN-1999-0300
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00155
Reference: XF:sun-niscache

nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.

accept

- - ------------------------------------------
Candidate: CAN-1999-0301
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00149
Reference: AUSCERT:AUSCERT-97.17
Reference: XF:sun-ps2bo

Buffer overflow in SunOS/Solaris ps command.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0302
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00176
Reference: XF:sun-ftp-server

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0320
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00166

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0369
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00183

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.

Accept

- - ------------------------------------------
Candidate: CAN-1999-0370
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00184

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

accept

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA/AwUBN3fkFxIUaHPadf5hEQKobgCgwtog3JfKIMnR20VwWStBPrCy05oAniks
jmTHH1VncKJ9E6FEppFjeS3y
=bcj9
-----END PGP SIGNATURE-----