|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FINAL DECISION: ACCEPT 9 candidates from VEN-BSD cluster
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. Voting details and comments are provided afterwards. The CVE names for candidates that reach Final Decision should be regarded as stable. In the case of these and all other candidates that reach Final Decision during this validation period, accepted candidates won't reach Publication phase until the CVE goes fully public. The only difference between Publication and Final Decision is that the CVE name is officially "announced" by MITRE during Publication. - Steve Candidate CVE Name --------- ---------- CAN-1999-0367 CVE-1999-0367 CAN-1999-0420 CVE-1999-0420 CAN-1999-0422 CVE-1999-0422 CAN-1999-0446 CVE-1999-0446 CAN-1999-0466 CVE-1999-0466 CAN-1999-0481 CVE-1999-0481 CAN-1999-0482 CVE-1999-0482 CAN-1999-0483 CVE-1999-0483 CAN-1999-0484 CVE-1999-0484 ================================= Candidate: CAN-1999-0367 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-002 NetBSD netstat command allows local users to access kernel memory. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0420 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-006 umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0422 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-007 In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0446 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-008 Reference: XF:netbsd-vfslocking-panic Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0466 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-009 The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0481 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Mar22,1999 Denial of service in "poll" in OpenBSD. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0482 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Mar21,1999 OpenBSD kernel crash through TSS handling, as caused by the crashme program. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0483 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Feb25,1999 OpenBSD crash using nlink value in FFS and EXT2FS filesystems. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0484 Published: Final-Decision: 19990718 Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Feb23,1999 Buffer overflow in OpenBSD ping. VOTES: ACCEPT(3) Northcutt, Shostack, Hill
|
||||
