[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PROPOSAL: Cluster 13 - DENY (13 candidates)




The following cluster contains 13 low-controversy candidates related
to denial of service attacks.

Phase schedule:
  Modification 7/7
  Interim 7/12
  Final 7/16


- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0087
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1998:003.1

Denial of service in AIX telnet can freeze a system and prevent
users from accessing the server.

VOTE: 

=================================
Candidate: CAN-1999-0140
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in RAS/PPTP on NT systems.

VOTE: 

=================================
Candidate: CAN-1999-0144
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:qmail-rcpt

Denial of service in Qmail by specifying a large number of
recipients with the RCPT command.

VOTE: 

=================================
Candidate: CAN-1999-0213
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF

libnsl in Solaris allowed an attacker to perform a denial of service
of rpcbind.

VOTE: 

=================================
Candidate: CAN-1999-0216
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service of inetd on Linux through SYN and RST packets.

VOTE: 

=================================
Candidate: CAN-1999-0221
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service of Ascend routers through port 150 (remote
administration).

VOTE: 

=================================
Candidate: CAN-1999-0250
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:qmail-leng

Denial of service in Qmail through long SMTP commands.

VOTE: 

=================================
Candidate: CAN-1999-0272
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in Slmail v2.5 through the POP3 port.

VOTE: 

=================================
Candidate: CAN-1999-0273
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

VOTE: 

=================================
Candidate: CAN-1999-0288
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in WINS with malformed data to port 137 (NETBIOS
Name Service).

VOTE: 

=================================
Candidate: CAN-1999-0437
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:WebRamp Denial of Service Attacks

Remote attackers can perform a denial of service in WebRamp systems by
sending a malicious string to the HTTP port.

VOTE: 

=================================
Candidate: CAN-1999-0438
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:WebRamp Denial of Service Attacks

Remote attackers can perform a denial of service in WebRamp systems by
sending a malicious UDP packet to port 5353, changing its IP address.

VOTE: 

=================================
Candidate: CAN-1999-0566
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990630
Assigned: 19990607
Category: CF

An attacker can write to syslog files, causing a denial of service by
filling up the logs, and hiding activities.

VOTE: 

 
Page Last Updated: May 22, 2007