|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] PROPOSAL: Cluster 15 - ONEREF (43 candidates)
The following ONEREF cluster contains 43 candidates, each of which has one reference to a source, and the reference is not from the vendor. Most of these only include references to the X-Force database. This is a modification of a REFS cluster that I had originally created (the NOREFS cluster appears next). I had treated the REFS cluster as Medium controversy because of the belief that a single reference wasn't a guarantee that the vulnerability was verified and described properly. (No slight to X-Force). Since we are being flexible about references, in hindsight these candidates should have been included in earlier low controversy clusters. Proposed: 7/13 Scheduled Proposed: 7/6 Scheduled Interim Decision: 7/19 Scheduled Final Decision: 7/23 - Steve Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0062 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:openbsd-chpass The chpass command in OpenBSD gives root access when a temporary file it uses is writeable by an attacker, due to an open file descriptor. VOTE: ================================= Candidate: CAN-1999-0081 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:ftp-rnfr wu-ftp allows files to be overwritten via the rnfr command. VOTE: ================================= Candidate: CAN-1999-0082 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:ftp-cwd CWD ~root command in ftp allows root login VOTE: ================================= Candidate: CAN-1999-0083 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:cwdleak getcwd() file descriptor leak in FTP VOTE: ================================= Candidate: CAN-1999-0120 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: CERT:CA-94.06.utmp.vulnerability Reference: XF:utmp-write Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. VOTE: ================================= Candidate: CAN-1999-0156 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:ftp-pwless wu-ftpd FTP daemon allows any user and password combination. VOTE: ================================= Candidate: CAN-1999-0163 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:smtp-pipe In older versions of Sendmail, an attacker could use a pipe character to execute root commands. VOTE: ================================= Candidate: CAN-1999-0165 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:nfs-cache NFS cache poisoning VOTE: ================================= Candidate: CAN-1999-0228 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:nt-rpc-ver Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. VOTE: ================================= Candidate: CAN-1999-0252 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:smtp-listserv Buffer overflow in listserv allows arbitrary command execution. VOTE: ================================= Candidate: CAN-1999-0294 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:nt-wins-snmp2 All records in a WINS database can be deleted through SNMP for a denial of service. VOTE: ================================= Candidate: CAN-1999-0295 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:sun-sysdef Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. VOTE: ================================= Candidate: CAN-1999-0303 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:bnu-uucpd-bo Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. VOTE: ================================= Candidate: CAN-1999-0305 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:bsd-sourceroute BSD sysctl control does not properly restrict source routing. VOTE: ================================= Candidate: CAN-1999-0306 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:hp-xlock buffer overflow in HP xlock program. VOTE: ================================= Candidate: CAN-1999-0307 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:hpux-cstm-bo Buffer overflow in HP-UX cstm program allows local users to gain root privileges. VOTE: ================================= Candidate: CAN-1999-0308 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:hpux-gwind-overwrite Reference: CIAC:H-03: HP-UX suid Vulnerabilities HP-UX gwind program allows users to modify arbitrary files. VOTE: ================================= Candidate: CAN-1999-0310 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:ssh-1225 SSH 1.2.25 on HP-UX allows access to new user accounts. VOTE: ================================= Candidate: CAN-1999-0311 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:hpux-fpkg2swpk fpkg2swpk in HP-UX allows local users to gain root access. VOTE: ================================= Candidate: CAN-1999-0312 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:nis-ypbind HP ypbind allows attackers with root privileges to modify NIS data. VOTE: ================================= Candidate: CAN-1999-0313 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:sgi-disk-bandwidth IRIX disk_bandwidth program allows local users to gain root access using relative pathnames. VOTE: ================================= Candidate: CAN-1999-0314 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:sgi-ioconfig IRIX ioconfig program allows local users to gain root access using relative pathnames. VOTE: ================================= Candidate: CAN-1999-0316 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:linux-splitvt Buffer overflow in Linux splitvt command gives root access to local users. VOTE: ================================= Candidate: CAN-1999-0321 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:sun-kcms-configure-bo Buffer overflow in Solaris kcms_configure command allows local users to gain root access. VOTE: ================================= Candidate: CAN-1999-0324 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:hp-ppllog ppl program in HP-UX allows local users to create root files through symlinks. VOTE: ================================= Candidate: CAN-1999-0325 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:hp-vhe vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. VOTE: ================================= Candidate: CAN-1999-0331 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:msie-bo Buffer overflow in Internet Explorer 4.0(1) VOTE: ================================= Candidate: CAN-1999-0332 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:nt-netmeeting Buffer overflow in NetMeeting allows denial of service and remote command execution. VOTE: ================================= Candidate: CAN-1999-0335 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:lpr-bsd-lprbo Buffer overflow in BSD and linux lpr command allows local users to execute commands as root through the classification option. VOTE: ================================= Candidate: CAN-1999-0336 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:hpux-mstm-bo Buffer overflow in mstm in HP-UX allows local users to gain root access. VOTE: ================================= Candidate: CAN-1999-0340 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:linux-crond Buffer overflow in Linux Slackware crond program allows local users to gain root access. VOTE: ================================= Candidate: CAN-1999-0341 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:linux-deliver Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. VOTE: ================================= Candidate: CAN-1999-0342 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:linux-pam-passwd-tmprace Linux PAM modules allow local users to gain root access using temporary files. VOTE: ================================= Candidate: CAN-1999-0343 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:palace-execute A malicious Palace server can force a client to execute arbitrary programs. VOTE: ================================= Candidate: CAN-1999-0344 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:nt-priv-fix NT users can gain debug-level access on a system process using the Sechole exploit. VOTE: ================================= Candidate: CAN-1999-0357 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jan25,1999 Denial of service in Windows systems using malformed oshare packets. VOTE: ================================= Candidate: CAN-1999-0374 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb16,1999 Debian Linux cfengine package is susceptible to a symlink attack. VOTE: ================================= Candidate: CAN-1999-0468 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:ie-scriplet-fileread Reference: BUGTRAQ:Apr9,1999 Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. VOTE: ================================= Candidate: CAN-1999-0471 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:winroute-config Reference: BUGTRAQ:Apr9,1999 The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. VOTE: ================================= Candidate: CAN-1999-0472 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:netcache-snmp Reference: BUGTRAQ:Apr7,1999 The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. VOTE: ================================= Candidate: CAN-1999-0473 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:rsync-permissions Reference: BUGTRAQ:Apr7,1999 The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. VOTE: ================================= Candidate: CAN-1999-0474 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:icq-webserver-read Reference: BUGTRAQ:Apr5,1999 The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. VOTE: ================================= Candidate: CAN-1999-0475 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Reference: XF:procmail-race Reference: BUGTRAQ:Apr5,1999 A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. VOTE:
|
||||
