|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] INTERIM DECISION: ACCEPT 11 candidates from VEN-SUN (Final 7/5)
I have made an Interim Decision to ACCEPT the following candidates from VEN-SUN. I will make a Final Decision on July 5th. The remaining candidates in VEN-SUN are affected by the current content decision debates. - Steve ================================= Candidate: CAN-1999-0054 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00171 Reference: XF:sun-ftpd Sun's ftpd daemon is subject to a denial of service Modifications: ADDREF XF:sun-ftpd VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-ftpd ================================= Candidate: CAN-1999-0056 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00174 Reference: XF:sun-ping Buffer overflow in Sun's ping program can give root access to local users. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0069 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00169 Reference: XF:sun-ufsrestore Solaris ufsrestore buffer overflow. Modifications: ADDREF XF:sun-ufsrestore VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-ufsrestore ================================= Candidate: CAN-1999-0188 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00182 Reference: XF:sun-passwd-dos The passwd command in Solaris could be subjected to a denial of service. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0263 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00173 Reference: XF:sun-sunwadmap Solaris SUNWadmap can be exploited to obtain root access. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0296 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00162 Reference: XF:sun-volrmmount Solaris volrmmount program allows attackers to read any file. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0300 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00155 Reference: XF:sun-niscache nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0301 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00149 Reference: AUSCERT:AUSCERT-97.17 Reference: XF:sun-ps2bo Buffer overflow in SunOS/Solaris ps command. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0302 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00176 Reference: XF:sun-ftp-server SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0320 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00166 Reference: XF:sun-rpc.cmsd SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. Modifications: ADDREF XF:sun-rpc.cmsd VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-rpc.cmsd ================================= Candidate: CAN-1999-0369 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00183 Reference: XF:sun-sdtcm-convert-bo The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. Modifications: ADDREF XF:sun-sdtcm-convert-bo VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-sdtcm-convert-bo
|
||||
