
VOTES: Recorded votes for recent clusters



Below is a list of votes that includes some votes that were sent to me
directly instead of the list.  They are for the following clusters:
NTCONFIG, VERIFY-TOOL, NETCONF, CFMISC, DESC, NOVULN, DATA,
NT-REGISTRY, SA-LITTLE, SA-ATTACK, SA-HIST, SA-OTHER, MPAN, and MULT.

- Steve



--------------------- CLUSTER NTCONFIG ---------------------

NTCONFIG (13 candidates)
--------------------
Proposed: 7/20
Scheduled Proposed: 7/6
Scheduled Interim Decision: 8/2
Scheduled Final Decision: 8/6

Configuration problems related to NT


Voters:
  Shostack ACCEPT(12) REJECT(1)
  Wall ACCEPT(12) REVIEWING(1)
  Ozancin ACCEPT(9) MODIFY(3) RECAST(1)
  Christey ACCEPT(2)
  Northcutt ACCEPT(2) MODIFY(1) NOOP(1) RECAST(3) REJECT(6)
  Baker ACCEPT(8) MODIFY(2) REJECT(1) REVIEWING(2)


<PROPOSED> --> 13
ACCEPT --> 3
MODIFY --> 1
RECAST --> 3
REJECT --> 6

=================================
Candidate: CAN-1999-0499
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

NETBIOS share information may be published through SNMP registry keys
in NT.

VOTES:
   ACCEPT(5) Wall, Northcutt, Baker, Shostack, Ozancin


=================================
Candidate: CAN-1999-0534
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT user has inappropriate rights or privileges, e.g. Act as
System, Add Workstation, Backup, Change System Time, Create Pagefile,
Create Permanent Object, Create Token Name, Debug, Generate Security
Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory,
Profile Single Process, Remote Shutdown, Replace Process Token,
Restore, System Environment, Take Ownership, or Unsolicited Input.

VOTES:
   ACCEPT(5) Wall, Baker, Shostack, Ozancin, Christey
   MODIFY(1) Northcutt

COMMENTS:
 Northcutt> If we are going to write a laundry list put access to the scheduler in it.
 Christey> The list of privileges is very useful for lookup.


=================================
Candidate: CAN-1999-0535
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT account policy for passwords has inappropriate,
security-critical settings, e.g. for password length, password age, or
uniqueness.

VOTES:
   ACCEPT(2) Wall, Shostack
   MODIFY(1) Baker
   RECAST(2) Northcutt, Ozancin

COMMENTS:
 Northcutt> inappropriate implies there is appropriate.  As a guy who has been
 Northcutt> monitoring networks for years I have deep reservations about justifying
 Northcutt> the existence of any fixed cleartext password. For appropriate to exist,
 Northcutt> some "we" would have to establish some criteria for appropriate passwords.
 Baker> Perhaps this could be re-worded a bit.  The CVE CAN-1999-00582
 Baker> specifies "...settings for lockouts".  To remain consistent with the
 Baker> other, maybe it should specify "...settings for passwords" I think
 Baker> most people would agree that passwords should be at least 8
 Baker> characters; contain letters (upper and lowercase), numbers and at
 Baker> least one non-alphanumeric; should only be good a limited time 30-90
 Baker> days; and should not contain character combinations from user's prior
 Baker> 2 or 3 passwords.
 Baker> Suggested rewrite -
 Baker> A Windows NT account policy does not enforce reasonable minimum
 Baker> security-critical settings for passwords, e.g. passwords of sufficient
 Baker> length, periodic required password changes, or new password uniqueness
 Ozancin> What is appropriate?


=================================
Candidate: CAN-1999-0546
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

The Windows NT guest account is enabled.

VOTES:
   ACCEPT(5) Wall, Northcutt, Baker, Shostack, Ozancin


=================================
Candidate: CAN-1999-0562
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

The registry in Windows NT can be accessed remotely by users who are
not administrators.

VOTES:
   ACCEPT(4) Wall, Baker, Shostack, Ozancin
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> This isn't all or nothing, users may be allowed to access part of the
 Northcutt> registry.


=================================
Candidate: CAN-1999-0572
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

.reg files are associated with the Windows NT registry editor, making
the registry susceptible to Trojan Horse attacks.

VOTES:
   ACCEPT(4) Wall, Baker, Shostack, Ozancin
   NOOP(1) Northcutt

COMMENTS:
 Northcutt> I don't quite get what this means, sorry


=================================
Candidate: CAN-1999-0575
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's user audit policy does not log an event success
or failure, e.g. for Logon and Logoff, File and Object Access, Use of
User Rights, User and Group Management, Security Policy Changes,
Restart, Shutdown, and System, and Process Tracking.

VOTES:
   ACCEPT(4) Wall, Shostack, Ozancin, Christey
   RECAST(1) Northcutt
   REVIEWING(1) Baker

COMMENTS:
 Northcutt> It isn't a great truth that you should enable all or the above, if you
 Northcutt> do you potentially introduce a vulnerability of filling up the file
 Northcutt> system with stuff you will never look at.
 Ozancin> It is far less interesting what a user does successfully than what they
 Ozancin> attempt and fail at.
 Christey> The list of event types is very useful for lookup.


=================================
Candidate: CAN-1999-0576
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's file audit policy does not log an event success
or failure for security-critical files or directories.

VOTES:
   ACCEPT(3) Wall, Baker, Shostack
   MODIFY(1) Ozancin
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> 1.) Too general are we ready to state what the security-critical files
 Northcutt> and directories are
 Northcutt> 2.) Does Ataris, Windows CE, PalmOS, Linux have such a capability
 Ozancin> Some files and directories are clearly understood to be critical. Others are
 Ozancin> unclear. We need to clarify what critical is.


=================================
Candidate: CAN-1999-0577
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's file audit policy does not log an event success
or failure for non-critical files or directories.

VOTES:
   ACCEPT(2) Wall, Shostack
   MODIFY(1) Ozancin
   REJECT(1) Northcutt
   REVIEWING(1) Baker

COMMENTS:
 Ozancin> It is far less interesting what a user does successfully than what they
 Ozancin> attempt and fail at.
 Ozancin> Perhaps only failure should be logged.


=================================
Candidate: CAN-1999-0578
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's registry audit policy does not log an event
success or failure for security-critical registry keys.

VOTES:
   ACCEPT(4) Wall, Baker, Shostack, Ozancin
   REJECT(1) Northcutt

COMMENTS:
 Ozancin> with reservation
 Ozancin> Again what is defined as critical


=================================
Candidate: CAN-1999-0579
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's registry audit policy does not log an event
success or failure for non-critical registry keys.

VOTES:
   ACCEPT(3) Wall, Baker, Shostack
   MODIFY(1) Ozancin
   REJECT(1) Northcutt

COMMENTS:
 Ozancin> Again only failure may be of interest. It would be impractical to wade
 Ozancin> through the incredibly large amount of logging that this would generate. It
 Ozancin> could overwhelm log entries that you might find interesting.


=================================
Candidate: CAN-1999-0582
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT account policy has inappropriate, security-critical
settings for lockout, e.g. lockout duration, lockout after bad logon
attempts, etc.

VOTES:
   ACCEPT(3) Wall, Shostack, Ozancin
   MODIFY(1) Baker
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> The definition is?
 Baker> Maybe a rewording of this one too.  I think most people would agree on
 Baker> some "minimum" policies like 3-5 bad attempts lockout for an hour or
 Baker> until the administrator unlocks the account.
 Baker> Suggested rewrite -
 Baker> A Windows NT account policy does not enforce reasonable minimum
 Baker> security-critical settings for lockouts, e.g. lockout duration,
 Baker> lockout after bad logon attempts, etc.
 Ozancin> with reservations
 Ozancin> What is appropriate?


=================================
Candidate: CAN-1999-0585
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990721
Assigned: 19990607
Category: CF

A Windows NT administrator account has the default name of
Administrator.

VOTES:
   ACCEPT(1) Ozancin
   REJECT(3) Northcutt, Baker, Shostack
   REVIEWING(1) Wall

COMMENTS:
 Wall> Some sources say this is not a vulnerability, but a warning.  It just
 Wall> slows down the search for the admin account (SID = 500) which can
 Wall> always be found.
 Northcutt> I change this on all NT systems I am responsible for, but is
 Northcutt> root a vulnerability?
 Baker> There are ways to identify the administrator account anyway, so this
 Baker> is only a minor delay to someone that is knowledgeable.  This, in and
 Baker> of itself, doesn't really strike me as a vulnerability, anymore than
 Baker> the root account on a Unix box.
 Shostack> (there is no way to hide the account name today)




--------------------- CLUSTER VERIFY-TOOL ---------------------

VERIFY-TOOL (7 candidates)
--------------------
Proposed: 7/27
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Problems mentioned in a tool, but not seen in other VDB's


Voters:
  Frech NOOP(1)
  Shostack MODIFY(1)
  Northcutt ACCEPT(5) NOOP(2)


<PROPOSED> --> 7
ACCEPT --> 4
MODIFY --> 1
NOOP --> 2

=================================
Candidate: CAN-1999-0220
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

Attackers can do a denial of service of IRC by crashing the server.

VOTES:
   NOOP(1) Northcutt


=================================
Candidate: CAN-1999-0226
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

Windows NT TCP/IP processes fragmented IP packets improperly, causing
a denial of service.

VOTES:
   ACCEPT(1) Northcutt


=================================
Candidate: CAN-1999-0240
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

Some filters or firewalls allow fragmented SYN packets with IP
reserved bits in violation of their implemented policy.

VOTES:
   ACCEPT(1) Northcutt


=================================
Candidate: CAN-1999-0247
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

Buffer overflow in nnrpd program in INN allows remote users to execute
arbitrary commands.

VOTES:
   NOOP(1) Northcutt


=================================
Candidate: CAN-1999-0248
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

sshd 1.2.17 can be compromised through the SSH protocol.

VOTES:
   ACCEPT(1) Northcutt
   MODIFY(1) Shostack
   NOOP(1) Frech

COMMENTS:
 Shostack> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
 Shostack> looks to me to be about the correct message that came from Tatu.
 Shostack> There are comments in changelog: * Improved the security of
 Shostack> auth_input_request_forwarding().
 Shostack>
 Shostack> I'm not in favor of moving this forward without additional detail, but
 Shostack> thought I'd add a confirming URL and comment.  We have insufficient
 Shostack> detail to accept it as a CVE.
 Frech> Try http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1; to wit
 Frech> (see asterisked section):
 Frech> ...
 Frech> *****
 Frech> Versions of ssh prior to 1.2.17 had problems with authentication agent
 Frech> handling on some machines. There is a chance (a race condition) that a
 Frech> malicious user could steal another user's credentials. This should be fixed
 Frech> in 1.2.17.
 Frech> *****


=================================
Candidate: CAN-1999-0493
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

A remote attacker can bounce RPC calls through rpc.statd.

VOTES:
   ACCEPT(1) Northcutt


=================================
Candidate: CAN-1999-0495
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

A remote attacker can gain access to a file system using ..  (dot dot)
when accessing SMB shares.

VOTES:
   ACCEPT(1) Northcutt




--------------------- CLUSTER NETCONF ---------------------

NETCONF (12 candidates)
--------------------
Proposed: 7/26
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Network configuration problems


Voters:
  Northcutt ACCEPT(3) NOOP(1) RECAST(1) REJECT(7)


<PROPOSED> --> 12
ACCEPT --> 3
NOOP --> 1
RECAST --> 1
REJECT --> 7

=================================
Candidate: CAN-1999-0510
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

A router or firewall allows source routed packets from arbitrary
hosts.

VOTES:
   ACCEPT(1) Northcutt


=================================
Candidate: CAN-1999-0511
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

IP forwarding is enabled on a machine which is not a router or
firewall.

VOTES:
   ACCEPT(1) Northcutt


=================================
Candidate: CAN-1999-0523
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

ICMP echo (ping) is allowed from arbitrary hosts.

VOTES:
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> (Though I sympathize with this one :)


=================================
Candidate: CAN-1999-0524
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

ICMP information such as netmask and timestamp is allowed from
arbitrary hosts.

VOTES:
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0525
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

IP traceroute is allowed from arbitrary hosts.

VOTES:
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0528
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

A router or firewall forwards external packets that claim to come from
inside the network that the router/firewall is in front of.

VOTES:
   ACCEPT(1) Northcutt


=================================
Candidate: CAN-1999-0529
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

A router or firewall forwards packets that claim to come from IANA
reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x,
etc.

VOTES:
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> I have seen ISPs "assign" private addresses within their domain


=================================
Candidate: CAN-1999-0532
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

A DNS server allows zone transfers.

VOTES:
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> (With split DNS implementations this is quite appropriate)


=================================
Candidate: CAN-1999-0533
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

A DNS server allows inverse queries.

VOTES:
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> (rule of thumb)


=================================
Candidate: CAN-1999-0550
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

A router's routing tables can be obtained from arbitrary hosts.

VOTES:
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> Don't you mean obtained by arbitrary hosts


=================================
Candidate: CAN-1999-0571
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:Feb5,1999

A router allows arbitrary hosts to connect to its configuration
service, or related services such as telnet.

VOTES:
   NOOP(1) Northcutt


=================================
Candidate: CAN-1999-0588
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990726
Assigned: 19990607
Category: CF

A filter in a router or firewall allows unusual fragmented packets.

VOTES:
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> I want to vote to accept this one, but unusual is a shade broad.




--------------------- CLUSTER CFMISC ---------------------

CFMISC (18 candidates)
--------------------
Proposed: 7/28
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Miscellaneous CF problems


Voters:
  Shostack ACCEPT(5) RECAST(6) REJECT(6)
  Northcutt ACCEPT(6) NOOP(3) REJECT(8)


<PROPOSED> --> 17
ACCEPT --> 3
RECAST --> 4
REJECT --> 10

=================================
Candidate: CAN-1999-0497
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

Anonymous FTP is enabled

VOTES:
   ACCEPT(1) Shostack
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0512
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

Mail relay is enabled, allowing abuse by spammers.

VOTES:
   ACCEPT(2) Northcutt, Shostack


=================================
Candidate: CAN-1999-0515
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

An unrestricted remote trust relationship for Unix systems has been
set up, e.g. by using a + sign in /etc/hosts.equiv.

VOTES:
   ACCEPT(1) Northcutt
   REJECT(1) Shostack

COMMENTS:
 Shostack> Overly broad


=================================
Candidate: CAN-1999-0530
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A system is operating in "promiscuous" mode which allows it to perform
packet sniffing.

VOTES:
   ACCEPT(1) Northcutt
   REJECT(1) Shostack


=================================
Candidate: CAN-1999-0531
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO.

VOTES:
   RECAST(1) Shostack
   REJECT(1) Northcutt

COMMENTS:
 Shostack> I think expn != vrfy, help, esmtp.


=================================
Candidate: CAN-1999-0539
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A trust relationship exists between two Unix hosts.

VOTES:
   REJECT(2) Northcutt, Shostack

COMMENTS:
 Northcutt> Too non specific


=================================
Candidate: CAN-1999-0547
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

An SSH server allows authentication through the .rhosts file.

VOTES:
   ACCEPT(1) Shostack
   NOOP(1) Northcutt


=================================
Candidate: CAN-1999-0548
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A superfluous NFS server is running, but it is not importing or exporting
any file systems.

VOTES:
   ACCEPT(1) Shostack
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0555
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A Unix account with a name other than "root" has UID 0, i.e. root
privileges.

VOTES:
   REJECT(2) Northcutt, Shostack

COMMENTS:
 Northcutt> This is very bogus


=================================
Candidate: CAN-1999-0556
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

Two or more Unix accounts have the same UID.

VOTES:
   REJECT(2) Northcutt, Shostack


=================================
Candidate: CAN-1999-0561
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

IIS has the #exec function enabled for Server Side Include (SSI) files.

VOTES:
   NOOP(1) Northcutt
   RECAST(1) Shostack


=================================
Candidate: CAN-1999-0564
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

An attacker can force a printer to print arbitrary documents (e.g. if
the printer doesn't require a password) or to become disabled.

VOTES:
   ACCEPT(1) Shostack
   NOOP(1) Northcutt


=================================
Candidate: CAN-1999-0565
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A Sendmail alias allows input to be piped to a program.

VOTES:
   ACCEPT(1) Northcutt
   RECAST(1) Shostack

COMMENTS:
 Shostack> Is this a default alias?  Is my .procmailrc an instance of this?


=================================
Candidate: CAN-1999-0568
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

rpc.admind in Solaris is not running in a secure mode.

VOTES:
   ACCEPT(1) Northcutt
   RECAST(1) Shostack

COMMENTS:
 Shostack> are there secure modes?


=================================
Candidate: CAN-1999-0583
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

There is a one-way or two-way trust relationship between Windows NT
domains.

VOTES:
   REJECT(2) Northcutt, Shostack


=================================
Candidate: CAN-1999-0586
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A network service is running on a nonstandard port.

VOTES:
   RECAST(1) Shostack
   REJECT(1) Northcutt

COMMENTS:
 Shostack> Might be acceptable if clearer; is that a standard service on a
 Shostack> non-standard port, or any service on an unassigned port?


=================================
Candidate: CAN-1999-0590
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A system does not present an appropriate legal message or warning to a
user who is accessing it.

VOTES:
   ACCEPT(1) Northcutt
   RECAST(1) Shostack




--------------------- CLUSTER DESC ---------------------

DESC (2 candidates)
--------------------
Proposed: 7/28
Scheduled Proposed: 7/27
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Description/information problems


Voters:
  Wall MODIFY(1) NOOP(1)
  Northcutt NOOP(2)


<PROPOSED> --> 2
MODIFY --> 1
NOOP --> 1

=================================
Candidate: CAN-1999-0001
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: CERT:CA-98-13-tcp-denial-of-service

Denial of service in BSD-derived TCP/IP implementations, as described
in CERT CA-98-13.

VOTES:
   NOOP(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0345
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

Jolt ICMP attack causes a denial of service in Windows 95 and Windows
NT systems.

VOTES:
   MODIFY(1) Wall
   NOOP(1) Northcutt

COMMENTS:
 Wall> Invalid ICMP datagram fragments cause a denial of service in Windows 95 and
 Wall> Windows NT systems.
 Wall> Reference: Q154174.
 Wall> Jolt is also known as sPING, ICMP bug, Icenewk, and Ping of Death.
 Wall> It is a modified teardrop 2 attack.




--------------------- CLUSTER NOVULN ---------------------

NOVULN (19 candidates)
--------------------
Proposed: 7/28
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Problems that may be regarded as "not a vulnerability"


Voters:
  Wall ACCEPT(5) NOOP(5) REJECT(9)
  Northcutt ACCEPT(6) NOOP(6) REJECT(7)


<PROPOSED> --> 19
ACCEPT --> 3
NOOP --> 3
REJECT --> 13

=================================
Candidate: CAN-1999-0119
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

Windows NT 4.0 beta allows users to read and delete shares.

VOTES:
   NOOP(1) Northcutt
   REJECT(1) Wall

COMMENTS:
 Wall> Reject based on beta copy.


=================================
Candidate: CAN-1999-0361
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan29,1999

NetWare version of LaserFiche stores usernames and passwords
unencrypted, and allows administrative changes without logging.

VOTES:
   NOOP(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0364
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb04,1999

Microsoft Access 97 stores a database password as plaintext in a
foreign mdb, allowing access to data.

VOTES:
   NOOP(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0397
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan21,1999
Reference: BUGTRAQ:Jan21,1999

The demo version of the Quakenbush NT Password Appraiser sends
passwords across the network in plaintext.

VOTES:
   ACCEPT(1) Northcutt
   REJECT(1) Wall


=================================
Candidate: CAN-1999-0403
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb4,1999
Reference: XF:cyrix-hang

A bug in Cyrix CPU's on Linux allows local users to perform a denial
of service.

VOTES:
   ACCEPT(1) Northcutt
   NOOP(1) Wall


=================================
Candidate: CAN-1999-0453
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

An attacker can identify a CISCO device by sending a SYN packet to
port 1999, which is for the Cisco Discovery Protocol (CDP).

VOTES:
   NOOP(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0454
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF

A remote attacker can sometimes identify the operating system of a
host based on how it reacts to some IP or ICMP packets, using a tool
such as nmap or queso.

VOTES:
   NOOP(1) Wall
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> Nmap and queso are the tip of the iceberg and not the most advanced
 Northcutt> ways to accomplish this.  To pursue making the world signature free
 Northcutt> is as much a vulnerability as having signatures, nay more.


=================================
Candidate: CAN-1999-0459
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: XF:linux-milo-halt

Local users can perform a denial of service in Alpha Linux, using MILO
to force a reboot.

VOTES:
   NOOP(1) Northcutt
   REJECT(1) Wall


=================================
Candidate: CAN-1999-0465
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: XF:http-img-overflow

Remote attackers can crash Lynx and Internet Explorer using an IMG tag
with a large width parameter.

VOTES:
   ACCEPT(1) Northcutt
   REJECT(1) Wall


=================================
Candidate: CAN-1999-0570
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

VOTES:
   ACCEPT(1) Northcutt
   REJECT(1) Wall

COMMENTS:
 Northcutt> Here we are crossing into the best practices arena again.  However since
 Northcutt> passfilt does establish a measurable standard and since we aren't the
 Northcutt> ones defining the standard, simply saying it should be employed I will
 Northcutt> vote for this.


=================================
Candidate: CAN-1999-0584
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A Windows NT file system is not NTFS.

VOTES:
   ACCEPT(2) Wall, Northcutt

COMMENTS:
 Wall> NTFS partition provides the security.  This could be re-worded
 Wall> to "A Windows NT file system is FAT" since it is either NTFS or FAT
 Wall> and FAT is less secure.


=================================
Candidate: CAN-1999-0592
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

The Logon box of a Windows NT system displays the name of the last
user who logged in.

VOTES:
   REJECT(2) Wall, Northcutt

COMMENTS:
 Wall> Information gathering, not vulnerability
 Northcutt> Ah a C2 weenie must have snuck this in, this can be a good thing
 Northcutt> not just vulnerability


=================================
Candidate: CAN-1999-0593
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A user is allowed to shut down a Windows NT system without logging in.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt

COMMENTS:
 Wall> Still a denial of service.
 Northcutt> May well be appropriate


=================================
Candidate: CAN-1999-0594
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A Windows NT system does not restrict access to removable media drives
such as a floppy disk drive or CDROM drive.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt

COMMENTS:
 Wall> Perhaps it can be re-worded to "removable media drives
 Wall> such as a floppy disk drive or CDROM drive can be accessed (shared) in a
 Wall> Windows NT system."
 Northcutt> - what good is my NT w/o its floppy


=================================
Candidate: CAN-1999-0595
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A Windows NT system does not clear the system page file during
shutdown.

VOTES:
   ACCEPT(1) Wall
   NOOP(1) Northcutt


=================================
Candidate: CAN-1999-0596
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A Windows NT log file has an inappropriate maximum size or retention
period.

VOTES:
   REJECT(2) Wall, Northcutt

COMMENTS:
 Northcutt> define appropriate


=================================
Candidate: CAN-1999-0597
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

A Windows NT account policy does not forcibly disconnect remote users
from the server when their logon hours expire.

VOTES:
   ACCEPT(1) Northcutt
   REJECT(1) Wall


=================================
Candidate: CAN-1999-0603
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: CF

In Windows NT, an inappropriate user is a member of a group,
e.g. Administrator, Backup Operators, Domain Admins, Domain Guests,
Power Users, Print Operators, Replicators, System Operators, etc.

VOTES:
   REJECT(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0654
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SA

The OS/2 or POSIX subsystem in NT is enabled.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt

COMMENTS:
 Wall> These subsystems could still allow a process to persist across logins.




--------------------- CLUSTER DATA ---------------------

DATA (10 candidates)
--------------------
Proposed: 8/3
Scheduled Proposed: 7/28
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

CF problems related to data access


Voters:
  Wall ACCEPT(10)
  Northcutt ACCEPT(3) RECAST(6) REJECT(1)


<PROPOSED> --> 10
ACCEPT --> 3
RECAST --> 6
REJECT --> 1

=================================
Candidate: CAN-1999-0509
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

Perl, sh, csh, or other shell interpreters are accessible on a WWW
site.

VOTES:
   ACCEPT(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0520
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

A system-critical NETBIOS/SMB share has inappropriate access control.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we need to enumerate the shares and/or the access control


=================================
Candidate: CAN-1999-0522
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF
Reference: CERT:CA-96.10

The permissions for a system-critical NIS+ table (e.g. passwd) are
inappropriate.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> Why not say world readable, this is what you do further down in the
 Northcutt> file (world exportable in CAN-1999-0554)


=================================
Candidate: CAN-1999-0527
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

The permissions for system-critical data in an anonymous FTP account
are inappropriate.  For example, the root directory is writeable by
world, a real password file is obtainable, or executable commands such
as "ls" can be overwritten.

VOTES:
   ACCEPT(2) Wall, Northcutt

COMMENTS:
 Northcutt> That starts to get specific :)


=================================
Candidate: CAN-1999-0554
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

NFS exports system-critical data to the world, e.g. / or a password
file.

VOTES:
   ACCEPT(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0559
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

A system-critical Unix file or directory has inappropriate
permissions.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> Writable other than by root/bin/wheelgroup?


=================================
Candidate: CAN-1999-0560
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

A system-critical Windows NT file or directory has inappropriate
permissions.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we should specify these


=================================
Candidate: CAN-1999-0569
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

A URL for a WWW directory allows auto-indexing, which provides a list
of all files in that directory.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt

COMMENTS:
 Northcutt> I do this intentionally sometimes in high content directories


=================================
Candidate: CAN-1999-0587
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

A WWW server is not running in a restricted file system, e.g. through
a chroot, thus allowing access to system-critical data.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> While I would accept this for Unix, I am not sure this applies to NT,
 Northcutt> VMS, palm pilots, or commodore 64


=================================
Candidate: CAN-1999-0591
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

An event log in Windows NT has inappropriate access permissions.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> splain Lucy, splain




--------------------- CLUSTER NT-REGISTRY ---------------------

NT-REGISTRY (6 candidates)
--------------------
Proposed: 8/3
Scheduled Proposed: 7/28
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

CF problems related to NT registry settings


Voters:
  Wall ACCEPT(6)
  Northcutt RECAST(6)


<PROPOSED> --> 6
RECAST --> 6

=================================
Candidate: CAN-1999-0580
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate,
system-critical permissions.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we can define appropriate, take a look at the nt security .pdf
 Northcutt> and see if you can't see a way to phrase specific keys in a way that
 Northcutt> defines inappropriate.


=================================
Candidate: CAN-1999-0581
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate,
system-critical permissions.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we can define appropriate, take a look at the nt security .pdf
 Northcutt> and see if you can't see a way to phrase specific keys in a way that
 Northcutt> defines inappropriate.


=================================
Candidate: CAN-1999-0589
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

A system-critical Windows NT registry key has inappropriate
permissions.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we can define appropriate, take a look at the nt security .pdf
 Northcutt> and see if you can't see a way to phrase specific keys in a way that
 Northcutt> defines inappropriate.


=================================
Candidate: CAN-1999-0611
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990607
Category: CF

A system-critical Windows NT registry key has an inappropriate value.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we can define appropriate, take a look at the nt security .pdf
 Northcutt> and see if you can't see a way to phrase specific keys in a way that
 Northcutt> defines inappropriate.


=================================
Candidate: CAN-1999-0664
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990803
Category: CF

An application-critical Windows NT registry key has inappropriate
permissions.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we can define appropriate, take a look at the nt security .pdf
 Northcutt> and see if you can't see a way to phrase specific keys in a way that
 Northcutt> defines inappropriate.


=================================
Candidate: CAN-1999-0665
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990803
Assigned: 19990803
Category: CF

An application-critical Windows NT registry key has an inappropriate
value.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> I think we can define appropriate, take a look at the nt security .pdf
 Northcutt> and see if you can't see a way to phrase specific keys in a way that
 Northcutt> defines inappropriate.




--------------------- CLUSTER SA-LITTLE ---------------------

SA-LITTLE (5 candidates)
--------------------
Proposed: 8/3
Scheduled Proposed: 7/29
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Presence of "little" services that are rarely necessary


Voters:
  Wall ACCEPT(3) NOOP(2)
  Northcutt ACCEPT(1) REJECT(4)


<PROPOSED> --> 5
ACCEPT --> 1
REJECT --> 4

=================================
Candidate: CAN-1999-0635
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The echo service is running.

VOTES:
   ACCEPT(2) Wall, Northcutt

COMMENTS:
 Northcutt> The method to my madness is echo is the common denom in the DoS attack


=================================
Candidate: CAN-1999-0636
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The discard service is running.

VOTES:
   NOOP(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0637
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The systat service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0638
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The daytime service is running.

VOTES:
   NOOP(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0639
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The chargen service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt




--------------------- CLUSTER SA-ATTACK ---------------------

SA-ATTACK (10 candidates)
--------------------
Proposed: 8/3
Scheduled Proposed: 7/29
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Presence of services that are common attack points


Voters:
  Wall ACCEPT(9) REJECT(1)
  Northcutt REJECT(10)


<PROPOSED> --> 10
REJECT --> 10

=================================
Candidate: CAN-1999-0615
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The SNMP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0620
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

A component service related to NIS is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0630
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The NT Alerter and Messenger services are running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0633
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The HTTP/WWW service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0641
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The UUCP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0645
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The IRC service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0646
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The LDAP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0651
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The rsh/rlogin service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0653
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

A component service related to NIS+ is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0659
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

A Windows NT Primary Domain Controller (PDC) or Backup Domain
Controller (BDC) is present.

VOTES:
   REJECT(2) Wall, Northcutt

COMMENTS:
 Wall> Don't consider this a service or a problem.




--------------------- CLUSTER SA-HIST ---------------------

SA-HIST (13 candidates)
--------------------
Proposed: 8/3
Scheduled Proposed: 7/29
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Presence of services with a history of problems


Voters:
  Wall ACCEPT(12) NOOP(1)
  Northcutt REJECT(13)


<PROPOSED> --> 13
REJECT --> 13

=================================
Candidate: CAN-1999-0614
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The FTP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0616
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The TFTP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0617
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The SMTP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0619
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The Telnet service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0621
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

A component service related to NETBIOS is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0622
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

A component service related to DNS service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0623
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The X Windows service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0631
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The NFS service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0632
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The RPC portmapper service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0634
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The SSH service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0642
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

A POP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0643
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The IMAP service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0657
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

WinGate is being used.

VOTES:
   NOOP(1) Wall
   REJECT(1) Northcutt




--------------------- CLUSTER SA-OTHER ---------------------

SA-OTHER (8 candidates)
--------------------
Proposed: 8/3
Scheduled Proposed: 7/29
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Other SA candidates


Voters:
  Wall ACCEPT(5) NOOP(3)
  Northcutt REJECT(8)


<PROPOSED> --> 8
REJECT --> 8

=================================
Candidate: CAN-1999-0640
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The Gopher service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0644
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The NNTP news service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0648
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The X25 service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0649
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The FSP service is running.

VOTES:
   NOOP(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0650
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The netstat service is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0652
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

A database service is running, e.g. a SQL server, Oracle, or mySQL.

VOTES:
   NOOP(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0656
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

The ugidd service is running.

VOTES:
   NOOP(1) Wall
   REJECT(1) Northcutt


=================================
Candidate: CAN-1999-0658
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: SA

DCOM is running.

VOTES:
   ACCEPT(1) Wall
   REJECT(1) Northcutt




--------------------- CLUSTER MPAN ---------------------

MPAN (4 candidates)
--------------------
Proposed: 8/3
Scheduled Proposed: 8/3
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

MP/AN category candidates


Voters:
  Wall ACCEPT(4)
  Northcutt ACCEPT(3) RECAST(1)


<PROPOSED> --> 4
ACCEPT --> 3
RECAST --> 1

=================================
Candidate: CAN-1999-0660
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: MP

A hacker utility or Trojan Horse is installed on a system,
e.g. NetBus, Back Orifice, Rootkit, etc.

VOTES:
   ACCEPT(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0661
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: MP

A system is running a version of software that was replaced with a
Trojan Horse at its distribution point, e.g. TCP Wrappers, wuftpd,
etc.

VOTES:
   ACCEPT(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0662
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: AN

A system-critical program or library does not have the appropriate
patch, hotfix, or service pack installed, or is outdated or obsolete.

VOTES:
   ACCEPT(2) Wall, Northcutt


=================================
Candidate: CAN-1999-0663
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990804
Assigned: 19990607
Category: AN

A system-critical program, library, or file has a checksum or other
integrity measurement that indicates that it has been modified.

VOTES:
   ACCEPT(1) Wall
   RECAST(1) Northcutt

COMMENTS:
 Northcutt> This needs to be worded carefully.
 Northcutt> 1. Rootkits evade checksum detection.
 Northcutt> 2. The modification could be positive (a patch)




--------------------- CLUSTER MULT ---------------------

MULT (35 candidates)
--------------------
Proposed: 6/23
Scheduled Interim Decision: 7/5
Scheduled Final Decision: 7/9

Multiple executables split into


Voters:
  Frech ACCEPT(11) MODIFY(19) RECAST(2) REVIEWING(2)


<PROPOSED> --> 34
ACCEPT --> 11
MODIFY --> 19
RECAST --> 2
REVIEWING --> 2

=================================
Candidate: CAN-1999-0009
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-bo
Reference: SUN:00180

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0010
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-dos

Denial of Service vulnerability in BIND 8 Releases via maliciously
formatted DNS messages.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0011
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-dos
Reference: SUN:00180

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases
via CNAME record and zone transfer.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> Change XF reference to:
 Frech> XF:bind-axfr-dos


=================================
Candidate: CAN-1999-0016
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FreeBSD:FreeBSD-SA-98:01
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-exploit
Reference: XF:land-patch
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml

Land IP denial of service

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ver-tcpip-sys (applies to a check, not a vulnerability, and is thus not
 Frech> listed on website)
 Frech> XF:land-exploit (obsolete, replaced by land)


=================================
Candidate: CAN-1999-0025
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: XF:df-bo

root privileges via buffer overflow in df command on SGI IRIX
systems.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0026
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo

root privileges via buffer overflow in pset command on SGI IRIX
systems.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0027
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo

root privileges via buffer overflow in eject command on SGI IRIX
systems.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0028
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul

root privileges via buffer overflow in login/scheme command on SGI
IRIX systems.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sgi-schemebo


=================================
Candidate: CAN-1999-0029
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

root privileges via buffer overflow in ordist command on SGI IRIX
systems.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0030
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.24.IRIX.xlock.buffer.overflow.vul
Reference: XF:sgi-xlockbo
Reference: SGI:19970508-02-PX

root privileges via buffer overflow in xlock command on SGI IRIX
systems.

VOTES:
   RECAST(1) Frech

COMMENTS:
 Frech> XF:xlock-bo (also add)
 Frech> As per xlock-bo, also appears on AIX, BSDI, DG/UX, FreeBSD, Solaris, and
 Frech> several Linii.
 Frech> Also, don't you mean to cite SGI:19970502-02-PX? The one you list is
 Frech> login/scheme.


=================================
Candidate: CAN-1999-0068
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-php-mylog

CGI PHP mylog script allows an attacker to read any file on the
target server.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0075
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:pasvcore

PASV core dump in FTP daemon

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> There is no pasvcore record; delete and add
 Frech> XF:ftp-pasvcore


=================================
Candidate: CAN-1999-0076
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:ftp-args

Core dump from FTP arguments

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0092
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:006.1

Various vulnerabilities in the AIX portmir command allow
local users to obtain root access.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ibm-portmir


=================================
Candidate: CAN-1999-0101
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: SUN:00137
Reference: NAI:NAI-1

Buffer overflow in AIX and Solaris "gethostbyname" library call allows
root access through corrupt DNS host names.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ghbn-bo
 Frech> in addition to ERS:1997:001.1, also include 1996:007.1
 Frech> Sun's bulletin is 137a, not 137.


=================================
Candidate: CAN-1999-0124
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Reference: XF:gopher-vuln

Vulnerabilities in UMN gopher and gopher+ allow an intruder to read
any files that can be accessed by the gopher daemon.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0126
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010

SGI IRIX buffer overflow in xterm and Xaw allows root access.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:xfree86-xterm-xaw
 Frech> XF:xfree86-xaw


=================================
Candidate: CAN-1999-0127
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-96.27.hp_sw_install
Reference: AUSCERT:AA-96.04
Reference: XF:hpux-swinstall

swinstall and swmodify commands in SD-UX package in HP-UX systems
allow local users to create or overwrite arbitrary files to gain root
access.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> (keep current XF: reference, and add)
 Frech> XF:hpux-sqwmodify


=================================
Candidate: CAN-1999-0138
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-96.12.suidperl_vul

The suidperl and sperl programs do not give up root privileges when
changing UIDs back to the original users, allowing root access.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sperl-suid


=================================
Candidate: CAN-1999-0231
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6
packages using a long VRFY command, causing a denial of service and
possibly remote access.

VOTES:
   RECAST(1) Frech

COMMENTS:
 Frech> XF:slmail-vrfyexpn-overflow (for Slmail v3.2 and below)
 Frech> XF:smtp-vrfy-bo (many mail packages)


=================================
Candidate: CAN-1999-0261
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF

Netmanager Chameleon SMTPd has several buffer overflows that cause a crash.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:chamelion-smtp-dos


=================================
Candidate: CAN-1999-0282
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.12.sun.loadmodule.vul

Vulnerabilities in loadmodule and modload programs in SunOS and OpenWindows

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sun-loadmodule
 Frech> XF:sun-modload (CERT CA-93.18 very old!)


=================================
Candidate: CAN-1999-0284
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:smtp-helo-bo

Denial of service to NT mail servers including Ipswitch, Mdaemon, and
Exchange through a buffer overflow in the SMTP HELO command.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> "Windows NT-based mail servers" (A trademark thing, and for clarification)
 Frech> XF:mdaemon-helo-bo
 Frech> XF:lotus-notes-helo-crash
 Frech> XF:slmail-helo-overflow
 Frech> XF:smtp-helo-bo (mentions several products)
 Frech> XF:smtp-exchangedos


=================================
Candidate: CAN-1999-0333
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: RSI:RSI.0009.09-08-98.HP-UX.OMNIBACK
Reference: XF:omniback-remote

Omniback allows remote execution of commands as root via spoofing, and
local users can gain root access via a symlink attack.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0346
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF

CGI PHP mlog script allows an attacker to read any file on the target
server.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:http-cgi-php-mlog


=================================
Candidate: CAN-1999-0354
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:Jan27,1999
Reference: MS:MS99-002

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution
of Visual Basic programs to the IE client through the Word 97
template, which doesn't warn the user that the template contains
executable content.  Also applies to Outlook when the client views a
malicious email message.

VOTES:
   REVIEWING(1) Frech


=================================
Candidate: CAN-1999-0368
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-99.03
Reference: NETECT:palmetto.ftpd

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to
remote root access, a.k.a. palmetto.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:palmetto-ftpd-bo


=================================
Candidate: CAN-1999-0415
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers

The Clickstart web server in Cisco 700 series routers allows remote
attackers to execute commands on the router, or perform information
gathering, without authentication.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> Reference: ISS:March11,1999 (consistent with cluster 1, CAN-1999-0008)
 Frech> XF:cisco-router-commands
 Frech> XF:cisco-web-config


=================================
Candidate: CAN-1999-0416
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers

The Clickstart web server in Cisco 700 series routers allows remote
attackers to perform a denial of service.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> Reference: ISS:March11,1999
 Frech> XF:cisco-web-crash


=================================
Candidate: CAN-1999-0435
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: HP:HPSBUX9903-096

MC/ServiceGuard and MC/LockManager in HP-UX allow local users to gain
privileges through SAM.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:hp-servicegaurd


=================================
Candidate: CAN-1999-0467
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-webcom-guestbook

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a
remote attacker to read arbitrary files using the template key.

VOTES:
   ACCEPT(1) Frech


=================================
Candidate: CAN-1999-0488
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS99-012

MSHTML.DLL in Internet Explorer allows a remote attacker to execute
security scripts in a different security context, using malicious
URLs.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ie-mshtml-crossframe


=================================
Candidate: CAN-1999-0489
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS99-012

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to read
the contents of a user's clipboard, aka untrusted scripted paste.

VOTES:
   REVIEWING(1) Frech

COMMENTS:
 Frech> Wasn't Untrusted scripted paste MS98-015? I can find no mention of a
 Frech> clipboard in either.
 Frech> I cannot proceed on this one without further clarification.


=================================
Candidate: CAN-1999-0490
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS99-012

MSHTML.DLL in Internet Explorer allows a remote attacker to learn
information about a local user's files.

VOTES:
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ie-scriplet-fileread

Page Last Updated or Reviewed: May 22, 2007