[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PROPOSAL: Cluster 16 - NOREFS (23 candidates)



On Wed, Jul 14, 1999 at 02:30:49AM -0400, Steven M. Christey wrote:
| The following NOREFS cluster contains 23 candidates.  None of these
| candidates has a public reference, although they were likely obtained
| from some security tool database.  I looked for a vendor advisory for
| most of these candidates and wasn't able to find one.
| 
| Proposed: 7/13
| Scheduled Proposed: 7/6
| Scheduled Interim Decision: 7/19
| Scheduled Final Decision: 7/23
| 
| - Steve
| 
| 
| 
| Summary of votes to use (in ascending order of "severity"):
| 
| ACCEPT - member accepts the candidate as proposed
| NOOP - member has no opinion on the candidate
| MODIFY - member wants to change some minor detail (e.g. reference/description)
| REVIEWING - member is reviewing/researching the candidate
| RECAST - candidate must be significantly modified, e.g. split or merged
| REJECT - candidate is "not a vulnerability", or a duplicate, etc.
| 
| Please write your vote on the line that starts with "VOTE: ".  If you
| want to add comments or details, add them to lines after the VOTE: line.
| 
| 
| =================================
| Candidate: CAN-1999-0020
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Buffer overflow in Linux lpr command gives root access.
| 
| VOTE: NOOP
| 
| =================================
| Candidate: CAN-1999-0107
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Buffer overflow in HTTP Apache 1.2 or earlier, up to 1.2.5.
| 
| VOTE: noop
| 
| =================================
| Candidate: CAN-1999-0110
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Buffer overflow in fbformat command in Solaris.
| 
| VOTE: noop
| 
| =================================
| Candidate: CAN-1999-0114
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Local users can execute commands as other users, and read other users'
| files, through the filter command in the Elm elm-2.4 mail package
| using a symlink attack.
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0115
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| AIX bugfiler program allows local users to gain root access.
| 
| VOTE: noop
| 
| =================================
| Candidate: CAN-1999-0118
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| AIX infod allows local users to gain root access through an X display.
| 
| VOTE: noop
| 
| =================================
| Candidate: CAN-1999-0194
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Denial of service in in.comsat allows attackers to generate messages.
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0195
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Denial of service in RPC portmapper allows attackers to register or
| unregister RPC services, or spoof RPC services.
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0200
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| WFTP would allow an attacker to log into the FTP server using any
| username and password.
| 
| VOTE: modify.  WFTP is not sufficient; is this wu-, ws-, war-, or
another?

| 
| =================================
| Candidate: CAN-1999-0210
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Automount daemon in Solaris allows local or remote users privileged access,
| and access to remote users in conjunction with rpc.statd.
| 
| VOTE: modify I think there was an SNI advisory on this
| 
| =================================
| Candidate: CAN-1999-0217
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Malicious option settings in UDP packets could force a reboot in SunOS
| 4.1.3 systems.
| 
| VOTE: modify, make Andre give us a reference. :)
| 
| =================================
| Candidate: CAN-1999-0218
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Livingston portmaster machines could be rebooted via a series
| of commands.
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0222
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Denial of service in Cisco IOS web server allows attackers to reboot
| the router using a long URL.
| 
| VOTE: modify.  I follow cisco announcements and problems pretty
closely, and haven't seen this.  Source?
| 
| =================================
| Candidate: CAN-1999-0223
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Solaris syslogd crashes when receiving a message from a host that
| doesn't have an inverse DNS entry.
| 
| VOTE: noop
| 
| =================================
| Candidate: CAN-1999-0227
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Denial of service in LSASS.EXE program in Windows NT.
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0229
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Denial of service in Windows NT IIS server using ..\..
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0239
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Netscape FastTrack Web server lists files when a lowercase "get"
| command is used instead of an uppercase GET.
| 
| VOTE: modify, needs ref
| 
| =================================
| Candidate: CAN-1999-0242
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Remote attackers can access mail files via POP3 in some Linux systems
| that are using shadow passwords.
| 
| VOTE: noop
| 
| =================================
| Candidate: CAN-1999-0243
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Linux cfingerd could be exploited to gain root access.
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0249
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Windows NT RSHSVC program allows remote users to execute arbitrary
| commands.
| 
| VOTE: noop
| 
| =================================
| Candidate: CAN-1999-0286
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| In some NT web servers, appending a space at the end of a URL may
| allows attackers to read source code for active pages.
| 
| VOTE: accept
| 
| =================================
| Candidate: CAN-1999-0287
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Vulnerability in the Wguest CGI program.
| 
| VOTE: modify, allows file reading
| 
| =================================
| Candidate: CAN-1999-0330
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
| 
| Linux bdash game has a buffer overflow that allows local users to
| gain root access.
| 
| VOTE: noop

Page Last Updated or Reviewed: May 22, 2007