[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FINAL DECISION: ACCEPT 11 candidates from VEN-SUN cluster




I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve


Candidate       CVE Name        Votes
---------       ----------      -----
CAN-1999-0054   CVE-1999-0054	ACCEPT(3) MODIFY(1)
CAN-1999-0056   CVE-1999-0056	ACCEPT(4)
CAN-1999-0069   CVE-1999-0069	ACCEPT(3) MODIFY(1)
CAN-1999-0188   CVE-1999-0188	ACCEPT(4)
CAN-1999-0263   CVE-1999-0263	ACCEPT(4)
CAN-1999-0296   CVE-1999-0296	ACCEPT(4)
CAN-1999-0300   CVE-1999-0300	ACCEPT(4)
CAN-1999-0301   CVE-1999-0301	ACCEPT(4)
CAN-1999-0302   CVE-1999-0302	ACCEPT(4)
CAN-1999-0320   CVE-1999-0320	ACCEPT(3) MODIFY(1)
CAN-1999-0369   CVE-1999-0369	ACCEPT(3) MODIFY(1)



=================================
Candidate: CAN-1999-0054
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00171
Reference: XF:sun-ftpd

Sun's ftpd daemon can be subjected to a denial of service.

Modifications:
  ADDREF XF:sun-ftpd

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-ftpd


=================================
Candidate: CAN-1999-0056
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00174
Reference: XF:sun-ping

Buffer overflow in Sun's ping program can give root access to local users.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0069
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00169
Reference: XF:sun-ufsrestore

Solaris ufsrestore buffer overflow.

Modifications:
  ADDREF XF:sun-ufsrestore

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-ufsrestore


=================================
Candidate: CAN-1999-0188
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00182
Reference: XF:sun-passwd-dos

The passwd command in Solaris can be subjected to a denial of service.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0263
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00173
Reference: XF:sun-sunwadmap

Solaris SUNWadmap can be exploited to obtain root access.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0296
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00162
Reference: XF:sun-volrmmount

Solaris volrmmount program allows attackers to read any file.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0300
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00155
Reference: XF:sun-niscache

nis_cachemgr for Solaris NIS+ allows attackers to add malicious
NIS+ servers.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0301
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00149
Reference: AUSCERT:AUSCERT-97.17
Reference: XF:sun-ps2bo

Buffer overflow in SunOS/Solaris ps command.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0302
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00176
Reference: XF:sun-ftp-server

SunOS/Solaris FTP clients can be forced to execute arbitrary commands
from a malicious FTP server.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0320
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00166
Reference: XF:sun-rpc.cmsd

SunOS rpc.cmsd allows attackers to obtain root access by overwriting
arbitrary files.

Modifications:
  ADDREF XF:sun-rpc.cmsd

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-rpc.cmsd


=================================
Candidate: CAN-1999-0369
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00183
Reference: XF:sun-sdtcm-convert-bo

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer
overflow which can gain root access.

Modifications:
  ADDREF XF:sun-sdtcm-convert-bo

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-sdtcm-convert-bo


 
Page Last Updated: May 22, 2007