[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

INTERIM DECISION: ACCEPT 8 candidates from cluster VEN-AIX

To: cve-review@linus.mitre.org
Subject: INTERIM DECISION: ACCEPT 8 candidates from cluster VEN-AIX
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Tue, 29 Jun 1999 20:42:09 -0400 (EDT)


I have made an Interim Decision to ACCEPT the following 8 candidates.
I have scheduled a Final Decision for 7/5.

The other 2 candidates in VEN-AIX are affected by current debates on
content decisions and thus are still in the Announcement phase.

Note that I have made minor modifications to some of these candidates,
namely adding X-Force references.  These modifications were not
important enough to merit moving the candidates to the Modification
phase.

- Steve


=================================
Candidate: CAN-1999-0072
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat

Buffer overflow in AIX xdat gives root access to local users.

Modifications:
  ADDREF XF:ibm-xdat

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-xdat


=================================
Candidate: CAN-1999-0086
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1998:001.1
Reference: XF:ibm-routed

AIX routed allows remote users to modify sensitive files.

Modifications:
  ADDREF XF:ibm-routed

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-routed


=================================
Candidate: CAN-1999-0089
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-libDtSvc

Buffer overflow in AIX libDtSvc library can allow local users
to gain root access.

Modifications:
  ADDREF XF:ibm-libDtSvc

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-libDtSvc


=================================
Candidate: CAN-1999-0090
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp

Buffer overflow in AIX rcp command allows local users to obtain
root access.

Modifications:
  ADDREF XF:ibm-rcp

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-rcp


=================================
Candidate: CAN-1999-0091
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv

Buffer overflow in AIX writesrv command allows local users to obtain
root access.

Modifications:
  ADDREF XF:ibm-writesrv

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-writesrv


=================================
Candidate: CAN-1999-0093
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup

AIX nslookup command allows local users to obtain root access by not
dropping privileges correctly.

Modifications:
  ADDREF XF:ibm-nslookup

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-nslookup


=================================
Candidate: CAN-1999-0094
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu

AIX piodmgrsu command allows local users to gain additional
group privileges.

Modifications:
  ADDREF XF:ibm-piodmgrsu

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-piodmgrsu


=================================
Candidate: CAN-1999-0100
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg

Remote access in AIX innd 1.5.1, using control messages.

Modifications:
  ADDREF XF:inn-controlmsg

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:inn-controlmsg

Prev by Date: Re: Question about CVE to vendor mappings
Next by Date: Re: Level of Abstraction Issue: Similar Applications, "Same"Vulnerability
Prev by thread: RE: Question about CVE to vendor mappings
Next by thread: INTERIM DECISION: ACCEPT 11 candidates from VEN-SUN (Final 7/5)
Index(es):
- Date
- Thread