PROPOSAL: Cluster 30 - NOVULN (19 candidates)
Some of these candidates fall under the "Not a CVE Vulnerability" content decisions proposed in my previous email. If those content decisions are accepted, then those candidates should be REJECTed. It's likely that the other candidates will not be considered vulnerabilities, either, but most of them also satisfy the current CVE definition.

Beta Code Exception - CAN-1999-0119, CAN-1999-0459, possibly CAN-1999-0397
Client-Side Denial of Service Exception - CAN-1999-0465

CAN-1999-0361, CAN-1999-0364, and CAN-1999-0397 deal with vulnerabilities where a password is stored or transmitted in cleartext. But was it an intentional design choice? Were the users aware that this was the case? Does the surrounding environment (e.g. the OS) prevent this from being otherwise? Should we treat cleartext the same way we treat weak encryption? Should we distinguish between "critical" passwords that are stored in cleartext, versus other passwords?

CAN-1999-0403 is more a hardware problem than a software problem, but it can be exploited from software. Should we stay away from hardware problems, even if they can be exploited through software and cause significant damage or increased access?

CAN-1999-0453 and CAN-1999-0454 deal with fingerprinting, i.e. being able to tell the characteristics of an application or OS by how it behaves, thus being useful for information gathering. Is it a vulnerability that nmap and queso are fairly accurate in remotely determining a host's OS? How about being able to determine the existence of a file or user by comparing responses from the server - even if the responses are compliant with the protocol?

CAN-1999-0570 and CAN-1999-0584 are cases where something is *NOT* being used. These do not really satisfy the CVE vulnerability definition. Note that CAN-1999-0570 is used in several tools, and CAN-1999-0584 has been referenced in many security books.
CAN-1999-0592, CAN-1999-0593, CAN-1999-0594, CAN-1999-0595, CAN-1999-0596, CAN-1999-0597, CAN-1999-0603, CAN-1999-0654 are all Windows NT related configuration problems. Some are associated with C2 compliance, others are related to information gathering, and others cannot be proven to satisfy the CVE vulnerability definition (e.g. CAN-1999-0603). All, however, are referenced by a number of tools.

=================================
Candidate: CAN-1999-0119
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Windows NT 4.0 beta allows users to read and delete shares.

=================================
Candidate: CAN-1999-0361
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan29,1999

NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.

=================================
Candidate: CAN-1999-0364
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb04,1999

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.

=================================
Candidate: CAN-1999-0397
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan21,1999
Reference: BUGTRAQ:Jan21,1999

The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext.

=================================
Candidate: CAN-1999-0403
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb4,1999
Reference: XF:cyrix-hang

A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.

=================================
Candidate: CAN-1999-0453
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).

=================================
Candidate: CAN-1999-0454
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.

=================================
Candidate: CAN-1999-0459
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: XF:linux-milo-halt

Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot.

=================================
Candidate: CAN-1999-0465
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: XF:http-img-overflow

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

=================================
Candidate: CAN-1999-0570
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

=================================
Candidate: CAN-1999-0584
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT file system is not NTFS.

=================================
Candidate: CAN-1999-0592
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

The Logon box of a Windows NT system displays the name of the last user who logged in.

=================================
Candidate: CAN-1999-0593
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A user is allowed to shut down a Windows NT system without logging in.

=================================
Candidate: CAN-1999-0594
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.

=================================
Candidate: CAN-1999-0595
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT system does not clear the system page file during shutdown.

=================================
Candidate: CAN-1999-0596
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT log file has an inappropriate maximum size or retention period.

=================================
Candidate: CAN-1999-0597
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.

=================================
Candidate: CAN-1999-0603
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.

=================================
Candidate: CAN-1999-0654
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SA

The OS/2 or POSIX subsystem in NT is enabled.