|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] PROPOSAL: Cluster 13 - DENY (13 candidates)
The following cluster contains 13 low-controversy candidates related to denial of service attacks. Phase schedule: Modification 7/7 Interim 7/12 Final 7/16 - Steve Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0087 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1998:003.1 Denial of service in AIX telnet can freeze a system and prevent users from accessing the server. VOTE: ================================= Candidate: CAN-1999-0140 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Denial of service in RAS/PPTP on NT systems. VOTE: ================================= Candidate: CAN-1999-0144 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Reference: XF:qmail-rcpt Denial of service in Qmail by specifying a large number of recipients with the RCPT command. VOTE: ================================= Candidate: CAN-1999-0213 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. VOTE: ================================= Candidate: CAN-1999-0216 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Denial of service of inetd on Linux through SYN and RST packets. VOTE: ================================= Candidate: CAN-1999-0221 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Denial of service of Ascend routers through port 150 (remote administration). VOTE: ================================= Candidate: CAN-1999-0250 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Reference: XF:qmail-leng Denial of service in Qmail through long SMTP commands. VOTE: ================================= Candidate: CAN-1999-0272 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Denial of service in Slmail v2.5 through the POP3 port. VOTE: ================================= Candidate: CAN-1999-0273 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Denial of service through Solaris 2.5.1 telnet by sending ^D characters. VOTE: ================================= Candidate: CAN-1999-0288 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Denial of service in WINS with malformed data to port 137 (NETBIOS Name Service). VOTE: ================================= Candidate: CAN-1999-0437 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Reference: ISS:WebRamp Denial of Service Attacks Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port. VOTE: ================================= Candidate: CAN-1999-0438 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: SF Reference: ISS:WebRamp Denial of Service Attacks Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. VOTE: ================================= Candidate: CAN-1999-0566 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990630 Assigned: 19990607 Category: CF An attacker can write to syslog files, causing a denial of service by filling up the logs, and hiding activities. VOTE:
|
||||
