[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FINAL DECISION: ACCEPT 9 candidates from VEN-HP cluster



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0309	CVE-1999-0309
CAN-1999-0423	CVE-1999-0423
CAN-1999-0326	CVE-1999-0326
CAN-1999-0353	CVE-1999-0353
CAN-1999-0432	CVE-1999-0432
CAN-1999-0436	CVE-1999-0436
CAN-1999-0447	CVE-1999-0447
CAN-1999-0478	CVE-1999-0478
CAN-1999-0479	CVE-1999-0479


=================================
Candidate: CAN-1999-0309
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: XF:hpux-vgdisplay
Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability

HP-UX vgdisplay program gives root access to local users.

VOTES:
   ACCEPT(2) Frech, Hill
   NOOP(2) Shostack, Northcutt


=================================
Candidate: CAN-1999-0326
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9710-071
Reference: XF:hp-mediainit

Vulnerability in HP-UX mediainit program.

Modifications:
  ADDREF XF:hp-mediainit

VOTES:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(2) Shostack, Northcutt

COMMENTS:
 Frech> Reference: XF:hp-mediainit


=================================
Candidate: CAN-1999-0353
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9902-091
Reference: CIAC:J-026
Reference: XF:pcnfsd-world-write

rpc.pcnfsd in HP gives remote root access by changing the permissions
on the main printer spool directory.

Modifications:
  ADDREF XF:pcnfsd-world-write

VOTES:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(2) Shostack, Northcutt

COMMENTS:
 Frech> Reference: XF:pcnfsd-world-write


=================================
Candidate: CAN-1999-0423
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990718-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9903-093
Reference: XF:hp-hpterm-files

Vulnerability in hpterm on HP-UX 10.20 allows local users to gain
additional privileges.

Modifications:
  ADDREF XF:hp-hpterm-files

VOTES:
   ACCEPT(2) Frech, Hill
   NOOP(2) Shostack, Northcutt


=================================
Candidate: CAN-1999-0432
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9903-094
Reference: XF:hp-ftp

ftp on HP-UX 11.00 allows local users to gain privileges.

Modifications:
  ADDREF XF:hp-ftp

VOTES:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(2) Shostack, Northcutt

COMMENTS:
 Frech> Reference: XF:hp-ftp


=================================
Candidate: CAN-1999-0436
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990718-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9903-095
Reference: XF:hp-desms-servers

Domain Enterprise Server Management System (DESMS) in HP-UX allows
local users to gain privileges.

Modifications:
  ADDREF XF:hp-desms-servers

VOTES:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(2) Shostack, Northcutt

COMMENTS:
 Frech> Reference: XF:hp-desms-servers


=================================
Candidate: CAN-1999-0447
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990718-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBMP9904-006
Reference: XF:mpeix-debug

Local users can gain privileges using the debug utility in the MPE/iX
operating system.

Modifications:
  ADDREF XF:mpeix-debug

VOTES:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(2) Shostack, Northcutt

COMMENTS:
 Frech> Reference: XF:mpeix-debug


=================================
Candidate: CAN-1999-0478
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990718-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9904-097
Reference: XF:sendmail-headers-dos

Denial of service in HP-UX sendmail 8.8.6 related to accepting
connections.

Modifications:
  ADDREF XF:sendmail-headers-dos

VOTES:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(2) Shostack, Northcutt

COMMENTS:
 Frech> Reference: XF:sendmail-headers-dos


=================================
Candidate: CAN-1999-0479
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990718-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9903-092
Reference: XF:netscape-server-dos

Denial of service Netscape Enterprise Server with VirtualVault on
HP-UX VVOS systems.

Modifications:
  ADDREF XF:netscape-server-dos

VOTES:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(2) Shostack, Northcutt

COMMENTS:
 Frech> Reference: XF:netscape-server-dos

 
Page Last Updated: May 22, 2007