INTERIM DECISION: ACCEPT 1 VEN-others candidates (Final 7/12)

To: cve-editorial-board-list@lists.mitre.org
Subject: INTERIM DECISION: ACCEPT 1 VEN-others candidates (Final 7/12)
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Mon, 12 Jul 1999 19:20:44 -0400 (EDT)
Sender: owner-cve-editorial-board-list@lists.mitre.org

I have made an Interim Decision to ACCEPT 1 of the candidates from
this cluster.  A Final Decision is scheduled for July 12.

Note that the remaining candidate CAN-1999-0358 (Digital "inc"
command) remains active, since it is affected by the "Same Time of
Discovery" and "Different Program, Same Code" content decisions.
Those content decisions have received little feedback since I posted
them for review on June 30th.

- Steve


*************************
MODIFY
*************************

=================================
Candidate: CAN-1999-0433
Published:
Final-Decision:
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUSE:Mar28,1999
Reference: BUGTRAQ:Mar21,1999
Reference: XF:xfree86-temp-directories

XFree86 startx command is vulnerable to a symlink attack, allowing local
users to create files in restricted directories, possibly allowing
them to gain privileges or cause a denial of service.

Modifications:
  ADDREF XF:xfree86-temp-directories

VOTES:
   ACCEPT(4) Shostack, Northcutt, Prosser, Hill
   MODIFY(1) Frech

COMMENTS:
 Frech> Reference: XF:xfree86-temp-directories

Prev by Date: INTERIM DECISION: ACCEPT 10 VEN-ROUTER candidates (Final 7/12)
Next by Date: INTERIM DECISION: ACCEPT 9 VEN-HP candidates (Final 7/12)
Prev by thread: INTERIM DECISION: ACCEPT 10 VEN-ROUTER candidates (Final 7/12)
Next by thread: INTERIM DECISION: ACCEPT 9 VEN-HP candidates (Final 7/12)
Index(es):
- Date
- Thread

Page Last Updated: May 22, 2007

Common Vulnerabilities and Exposures

INTERIM DECISION: ACCEPT 1 VEN-others candidates (Final 7/12)