[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

INTERIM DECISION: ACCEPT 6 candidates from VEN-SGI (Final 7/5)




I have ACCEPTed the following candidates from VEN-SGI and will make a
Final Decision on 7/5.

The only candidate not accepted in the VEN-SGI cluster involved a
minor description change suggested by Adam Shostack, which has a small
but potentially controversial effect on content decisions with respect
to what goes into descriptive text.  I am delaying that candidate to
avoid diluting the current content decision discussions with a side
issue.

- Steve


=================================
Candidate: CAN-1999-0044
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19970301-01-P
Reference: XF:sgi-fsdump

fsdump command in IRIX allows local users to obtain root access
by modifying sensitive files.

Modifications:
  CHANGEREF HP:19970301-01-P SGI:19970301-01-P
  CHANGEREF ISS:sgi-fsdump XF:sgi-fsdump

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> HP reference should probably be SGI
 Frech> ISS reference should be XF


=================================
Candidate: CAN-1999-0215
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19981004-01-PX
Reference: CIAC:J-012
Reference: XF:ripapp

Routed allows attackers to append data to files.

Modifications:
  ADDREF XF:ripapp

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ripapp


=================================
Candidate: CAN-1999-0327
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19971103-01-PX
Reference: XF:sgi-syserr

SGI syserr program allows local users to corrupt files.

Modifications:
  ADDREF XF:sgi-syserr

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sgi-syserr


=================================
Candidate: CAN-1999-0329
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19980602-01-PX
Reference: XF:sgi-mediad

SGI mediad program allows local users to gain root access.

Modifications:
  ADDREF XF:sgi-mediad

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sgi-mediad


=================================
Candidate: CAN-1999-0413
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19990301-01-PX
Reference: XF:irix-font-path-overflow

A buffer overflow in the SGI X server allows local users to gain root
access through the X server font path.

Modifications:
  ADDREF XF:irix-font-path-overflow

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:irix-font-path-overflow


=================================
Candidate: CAN-1999-0463
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19981201-01-PX
Reference: XF:sgi-fcagent-dos

Remote attackers can perform a denial of service using IRIX fcagent.

Modifications:
  ADDREF XF:sgi-fcagent-dos

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sgi-fcagent-dos


Page Last Updated or Reviewed: May 22, 2007