[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PROPOSAL: Cluster 15 - ONEREF (43 candidates)



The following ONEREF cluster contains 43 candidates, each of which has
one reference to a source, and the reference is not from the vendor.
Most of these only include references to the X-Force database.  This
is a modification of a REFS cluster that I had originally created (the
NOREFS cluster appears next).

I had treated the REFS cluster as Medium controversy because of the
belief that a single reference wasn't a guarantee that the
vulnerability was verified and described properly.  (No slight to
X-Force).  Since we are being flexible about references, in hindsight
these candidates should have been included in earlier low controversy
clusters.


Proposed: 7/13
Scheduled Proposed: 7/6
Scheduled Interim Decision: 7/19
Scheduled Final Decision: 7/23

- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0062
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:openbsd-chpass

The chpass command in OpenBSD gives root access when a temporary
file it uses is writeable by an attacker, due to an open file
descriptor.

VOTE:

=================================
Candidate: CAN-1999-0081
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:ftp-rnfr

wu-ftp allows files to be overwritten via the rnfr command.

VOTE:

=================================
Candidate: CAN-1999-0082
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:ftp-cwd

CWD ~root command in ftp allows root login

VOTE:

=================================
Candidate: CAN-1999-0083
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:cwdleak

getcwd() file descriptor leak in FTP

VOTE:

=================================
Candidate: CAN-1999-0120
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: CERT:CA-94.06.utmp.vulnerability
Reference: XF:utmp-write

Sun/Solaris utmp file allows local users to gain root access if it
is writable by users other than root.

VOTE:

=================================
Candidate: CAN-1999-0156
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:ftp-pwless

wu-ftpd FTP daemon allows any user and password combination.

VOTE:

=================================
Candidate: CAN-1999-0163
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:smtp-pipe

In older versions of Sendmail, an attacker could use a pipe character
to execute root commands.

VOTE:

=================================
Candidate: CAN-1999-0165
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:nfs-cache

NFS cache poisoning

VOTE:

=================================
Candidate: CAN-1999-0228
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:nt-rpc-ver

Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.

VOTE:

=================================
Candidate: CAN-1999-0252
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:smtp-listserv

Buffer overflow in listserv allows arbitrary command execution.

VOTE:

=================================
Candidate: CAN-1999-0294
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:nt-wins-snmp2

All records in a WINS database can be deleted through SNMP for
a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0295
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:sun-sysdef

Solaris sysdef command allows local users to read kernel memory,
potentially leading to root privileges.

VOTE:

=================================
Candidate: CAN-1999-0303
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:bnu-uucpd-bo

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

VOTE:

=================================
Candidate: CAN-1999-0305
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:bsd-sourceroute

BSD sysctl control does not properly restrict source routing.

VOTE:

=================================
Candidate: CAN-1999-0306
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:hp-xlock

buffer overflow in HP xlock program.

VOTE:

=================================
Candidate: CAN-1999-0307
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:hpux-cstm-bo

Buffer overflow in HP-UX cstm program allows local users to gain
root privileges.

VOTE:

=================================
Candidate: CAN-1999-0308
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:hpux-gwind-overwrite
Reference: CIAC:H-03: HP-UX suid Vulnerabilities

HP-UX gwind program allows users to modify arbitrary files.

VOTE:

=================================
Candidate: CAN-1999-0310
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:ssh-1225

SSH 1.2.25 on HP-UX allows access to new user accounts.

VOTE:

=================================
Candidate: CAN-1999-0311
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:hpux-fpkg2swpk

fpkg2swpk in HP-UX allows local users to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0312
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:nis-ypbind

HP ypbind allows attackers with root privileges to modify NIS data.

VOTE:

=================================
Candidate: CAN-1999-0313
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:sgi-disk-bandwidth

IRIX disk_bandwidth program allows local users to gain root access
using relative pathnames.

VOTE:

=================================
Candidate: CAN-1999-0314
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:sgi-ioconfig

IRIX ioconfig program allows local users to gain root access
using relative pathnames.

VOTE:

=================================
Candidate: CAN-1999-0316
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:linux-splitvt

Buffer overflow in Linux splitvt command gives root access to local
users.

VOTE:

=================================
Candidate: CAN-1999-0321
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:sun-kcms-configure-bo

Buffer overflow in Solaris kcms_configure command allows local users
to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0324
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:hp-ppllog

ppl program in HP-UX allows local users to create root files through
symlinks.

VOTE:

=================================
Candidate: CAN-1999-0325
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:hp-vhe

vhe_u_mnt program in HP-UX allows local users to create root files through
symlinks.

VOTE:

=================================
Candidate: CAN-1999-0331
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:msie-bo

Buffer overflow in Internet Explorer 4.0(1)

VOTE:

=================================
Candidate: CAN-1999-0332
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:nt-netmeeting

Buffer overflow in NetMeeting allows denial of service and remote
command execution.

VOTE:

=================================
Candidate: CAN-1999-0335
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:lpr-bsd-lprbo

Buffer overflow in BSD and linux lpr command allows local users to
execute commands as root through the classification option.

VOTE:

=================================
Candidate: CAN-1999-0336
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:hpux-mstm-bo

Buffer overflow in mstm in HP-UX allows local users to gain root
access.

VOTE:

=================================
Candidate: CAN-1999-0340
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:linux-crond

Buffer overflow in Linux Slackware crond program allows local users
to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0341
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:linux-deliver

Buffer overflow in the Linux mail program "deliver" allows local users
to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0342
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:linux-pam-passwd-tmprace

Linux PAM modules allow local users to gain root access using
temporary files.

VOTE:

=================================
Candidate: CAN-1999-0343
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:palace-execute

A malicious Palace server can force a client to execute arbitrary
programs.

VOTE:

=================================
Candidate: CAN-1999-0344
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:nt-priv-fix

NT users can gain debug-level access on a system process using the
Sechole exploit.

VOTE:

=================================
Candidate: CAN-1999-0357
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan25,1999

Denial of service in Windows systems using malformed oshare packets.

VOTE:

=================================
Candidate: CAN-1999-0374
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb16,1999

Debian Linux cfengine package is susceptible to a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0468
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:ie-scriplet-fileread
Reference: BUGTRAQ:Apr9,1999

Internet Explorer 5.0 allows a remote server to read arbitrary files
on the client's file system using the Microsoft Scriptlet Component.

VOTE:

=================================
Candidate: CAN-1999-0471
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:winroute-config
Reference: BUGTRAQ:Apr9,1999

The remote proxy server in Winroute allows a remote attacker to
reconfigure the proxy without authentication through the "cancel"
button.

VOTE:

=================================
Candidate: CAN-1999-0472
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:netcache-snmp
Reference: BUGTRAQ:Apr7,1999

The SNMP default community name "public" is not properly removed in
NetApps C630 Netcache, even if the administrator tries to disable it.

VOTE:

=================================
Candidate: CAN-1999-0473
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:rsync-permissions
Reference: BUGTRAQ:Apr7,1999

The rsync command before rsync 2.3.1 may inadvertently change the
permissions of the client's working directory to the permissions of
the directory being transferred.

VOTE:

=================================
Candidate: CAN-1999-0474
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:icq-webserver-read
Reference: BUGTRAQ:Apr5,1999

The ICQ Webserver allows remote attackers to use .. to access
arbitrary files outside of the user's personal directory.

VOTE:

=================================
Candidate: CAN-1999-0475
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF
Reference: XF:procmail-race
Reference: BUGTRAQ:Apr5,1999

A race condition in how procmail handles .procmailrc files allows
a local user to read arbitrary files available to the user who is
running procmail.

VOTE:

Page Last Updated or Reviewed: May 22, 2007