[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
- To: "Steven M. Christey" <coley@linus.mitre.org>, cve-editorial-board-list@lists.mitre.org
- Subject: Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
- From: Adam Shostack <adam@netect.com>
- Date: Wed, 28 Jul 1999 14:23:32 -0400
- In-Reply-To: <199907280135.VAA11320@basie.mitre.org>; from Steven M. Christey on Tue, Jul 27, 1999 at 09:35:04PM -0400
- References: <199907280135.VAA11320@basie.mitre.org>
- Reply-To: adam@netect.com
On Tue, Jul 27, 1999 at 09:35:04PM -0400, Steven M. Christey wrote: | Candidate: CAN-1999-0248 | Published: | Final-Decision: | Interim-Decision: | Modified: | Announced: 19990728 | Assigned: 19990607 | Category: SF | | sshd 1.2.17 can be compromised through the SSH protocol. | | VOTE: modify http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html looks to me to be about the correct message that came from Tatu. There are comments in changelog: * Improved the security of auth_input_request_forwarding(). I'm not in favor of moving this forward without additional detail, but thought I'd add a confirming URL and comment. We have insufficient detail to accept it as a CVE. Adam
- References:
- PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
- From: "Steven M. Christey" <coley@linus.mitre.org>
- PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
- Prev by Date: Editorial Board archives available
- Next by Date: What is sufficient detail for a CVE vulnerability?
- Prev by thread: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
- Next by thread: CONTENT DECISION: Distinctive descriptions to support lookup
- Index(es):
