Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)

To: "Steven M. Christey" <coley@linus.mitre.org>, cve-editorial-board-list@lists.mitre.org
Subject: Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
From: Adam Shostack <adam@netect.com>
Date: Wed, 28 Jul 1999 14:23:32 -0400
In-Reply-To: <199907280135.VAA11320@basie.mitre.org>; from Steven M. Christey on Tue, Jul 27, 1999 at 09:35:04PM -0400
References: <199907280135.VAA11320@basie.mitre.org>
Reply-To: adam@netect.com

On Tue, Jul 27, 1999 at 09:35:04PM -0400, Steven M. Christey wrote:

| Candidate: CAN-1999-0248
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990728
| Assigned: 19990607
| Category: SF
| 
| sshd 1.2.17 can be compromised through the SSH protocol.
| 

| VOTE: modify http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
looks to me to be about the correct message that came from Tatu.
There are comments in changelog: * Improved the security of
auth_input_request_forwarding().

I'm not in favor of moving this forward without additional detail, but 
thought I'd add a confirming URL and comment.  We have insufficient
detail to accept it as a CVE.

Adam

References:
- PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
  - From: "Steven M. Christey" <coley@linus.mitre.org>

Prev by Date: Editorial Board archives available
Next by Date: What is sufficient detail for a CVE vulnerability?
Prev by thread: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
Next by thread: CONTENT DECISION: Distinctive descriptions to support lookup
Index(es):
- Date
- Thread

Page Last Updated: May 22, 2007

Common Vulnerabilities and Exposures

Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)