[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: PROPOSAL: Cluster 20 - DESIGN (27 candidates)
- To: cve-editorial-board-list@lists.mitre.org
- Subject: RE: PROPOSAL: Cluster 20 - DESIGN (27 candidates)
- From: Craig Ozancin <cozancin@axent.com>
- Date: Tue, 27 Jul 1999 16:35:09 -0400
- Sender: owner-cve-editorial-board-list@lists.mitre.org
================================= Candidate: CAN-1999-0074 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: XF:seqport Listening TCP ports are sequentially allocated, allowing spoofing attacks. VOTE: Accept ================================= Candidate: CAN-1999-0077 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF TCP sequence prediction VOTE: Accept ================================= Candidate: CAN-1999-0103 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: CERT:CA-96.01.UDP_service_denial Reference: XF:chargen-patch Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. VOTE: Accept ================================= Candidate: CAN-1999-0111 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF RIP v1 is susceptible to spoofing VOTE: Accept ================================= Candidate: CAN-1999-0116 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: CERT:CA-96.21.tcp_syn.flooding Reference: SGI:19961202-01-PX Reference: SUN:00136 SYN flood denial of service attack VOTE: Accept ================================= Candidate: CAN-1999-0168 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: XF:nfs-portmap The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. VOTE: Accept ================================= Candidate: CAN-1999-0181 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: XF:walld The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. VOTE: Accept ================================= Candidate: CAN-1999-0184 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: XF:dns-updates When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. VOTE: Accept ================================= Candidate: CAN-1999-0214 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Denial of service by sending forged ICMP unreachable packets. VOTE: Accept ================================= Candidate: CAN-1999-0351 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: INFOWAR:01 FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. VOTE: Accept ================================= Candidate: CAN-1999-0352 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software Reference: XF:controlit-passwd-encrypt ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption. VOTE: Recast Can we combine this with CAN-1999-0356 - ControlIT(tm) 4.5 and earlier uses weak encryption. ================================= Candidate: CAN-1999-0356 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software Reference: XF:controlit-bookfile-access ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. VOTE: Recast ================================= Candidate: CAN-1999-0377 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb22,1999 Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services. VOTE: Accept ================================= Candidate: CAN-1999-0414 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: NAI: Linux Blind TCP Spoofing In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. VOTE: Accept ================================= Candidate: CAN-1999-0470 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: XF:netware-remotenlm-passwords Reference: BUGTRAQ:Apr9,1999 A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. VOTE: Accept ================================= Candidate: CAN-1999-0476 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SF Reference: XF:sco-termvision-password A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. VOTE: Accept ================================= Candidate: CAN-1999-0612 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The finger service is running. VOTE: Accept ================================= Candidate: CAN-1999-0613 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The rpc.sprayd service is running. VOTE: Accept ================================= Candidate: CAN-1999-0618 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The rexec service is running. VOTE: Accept ================================= Candidate: CAN-1999-0624 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The rstat/rstatd service is running. VOTE: Accept ================================= Candidate: CAN-1999-0625 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The rpc.rquotad service is running. VOTE: Accept ================================= Candidate: CAN-1999-0626 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The rusers/rusersd service is running. VOTE: Accept ================================= Candidate: CAN-1999-0627 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The rexd service is running. VOTE: Accept ================================= Candidate: CAN-1999-0628 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The rwho/rwhod service is running. VOTE: Accept ================================= Candidate: CAN-1999-0629 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The ident/identd service is running. VOTE: Accept ================================= Candidate: CAN-1999-0647 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA The bootparam (bootparamd) service is running. VOTE: Accept ================================= Candidate: CAN-1999-0655 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990721 Assigned: 19990607 Category: SA A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities. VOTE: Accept
- Prev by Date: Re: PROPOSAL: Cluster 19 - NTCONFIG (13 candidates)
- Next by Date: RE: PROPOSAL: Cluster 19 - NTCONFIG (13 candidates)
- Prev by thread: RE: PROPOSAL: Cluster 20 - DESIGN (27 candidates)
- Next by thread: RE: PROPOSAL: Cluster 20 - DESIGN (27 candidates)
- Index(es):
