|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: PROPOSAL: Cluster 11 - BUF (32 candidates)
-----Original Message----- From: Steven M. Christey [mailto:coley@linus.mitre.org] Sent: Wednesday, June 23, 1999 4:50 PM To: cve-review@linus.mitre.org Subject: PROPOSAL: Cluster 11 - BUF (32 candidates) The following cluster is a Low controversy cluster of vulnerabilities for buffer overflows that occur in a single application. - Steve Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0047 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: CERT:CA-97.05.sendmail MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. VOTE: accept ================================= Candidate: CAN-1999-0058 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: NAI:NAI-12 Reference: XF:http-phpbo Reference: XF:http-cgi-phpbo Buffer overflow in PHP cgi program, php.cgi allows shell access. VOTE: accept ================================= Candidate: CAN-1999-0064 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:lquerylv-bo Buffer overflow in AIX lquerylv program gives root access to local users. VOTE: accept, additional source AIX 4.2 lguerylv "Georgi Guninski" http://www.securityfocus.com ================================= Candidate: CAN-1999-0071 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-apache-cookie Reference: NAI:NAI-2 Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. VOTE: accept ================================= Candidate: CAN-1999-0085 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:rwhod Reference: XF:rwhod-vuln rwhod buffer overflow in AIX VOTE: accept, additional source Bugtraq " rwhod buffer overflow" David J. Meltzer http://www.securityfocus.com/bugtraq/1996_3/0380.htm ================================= Candidate: CAN-1999-0102 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:slmail-fromheader-overflow Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line. VOTE: agree ================================= Candidate: CAN-1999-0108 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF The printers program in IRIX has a buffer overflow that gives root access to local users. VOTE: modify, believe this is the IRIX netprint BO in /usr/sbin/printers, ref'd in SGI Security Bulletin 19961203-02-PX and on Bugtraq "Another day,another buffer overflow by David Hedley. Can't be sure based on the description and lack of ref here. ================================= Candidate: CAN-1999-0109 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Buffer overflow in ffbconfig in Solaris 2.5.1 VOTE: modify, according to Sun, affects both 2.5 and 2.5.1...add ref Sun Security Bulletin 140 http://sunsolve.sun.com ================================= Candidate: CAN-1999-0112 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Buffer overflow in AIX dtterm program for the CDE VOTE: accept, add ref Bugtraq "AIX 4.2 dtterm exploit" http://www.securityfocus.com ================================= Candidate: CAN-1999-0122 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Buffer overflow in AIX lchangelv gives root access. VOTE: accept, add ref Bugtraq "AIX lchangelv" http://www.securityfocus.com/ ================================= Candidate: CAN-1999-0139 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. VOTE: accept ================================= Candidate: CAN-1999-0182 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: CIAC:H-110 Reference: XF:nt-samba-bo Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. VOTE: accept, additional ref VB-97.10.samba ftp://info.cert.org/pub/cert_bulletins/VB-97.10.sanba ================================= Candidate: CAN-1999-0187 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: SUN:00179 The rdist program in Solaris has some buffer overflows that allow attackers to gain root access. VOTE: recast, The Sun Patches in Ref roll-up fixes for an earlier BO in rdist lookup( )(ref CERT 96.14)as well as the BO in rdist function expstr() (ref CERT 97-23) and various vendor bulletins. However both of these rdist BO's affect many more OSs than just Sun, i.e., BSD/OS 2.1, DEC OSF's, AIX, FreeBSD, SCO, SGI, etc. Believe this falls into the SF-codebase content decision ================================= Candidate: CAN-1999-0192 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: SNI:SNI-20 Reference: XF:bsd-tel-tgetent Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. VOTE: accept ================================= Candidate: CAN-1999-0206 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. VOTE: accept, additional ref AUSCERT Advisory AA-96.06a http://www.auscert.org.au/ ================================= Candidate: CAN-1999-0219 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:ftp-servu Buffer overflow in Serv-U FTP server when user performs a cwd to a directory with a long name. VOTE: accept ================================= Candidate: CAN-1999-0230 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Buffer overflow in Cisco 760 routers through the telnet service. VOTE: Modify, the BO affect any 7xx router running a vulnerable version of IOS/700 OS. Addtional ref Field Notice: 7xx Router Password Buffer Overflow http://www.cisco.com/warp/public/770/pwbuf-pub.shtml#summary ================================= Candidate: CAN-1999-0232 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. VOTE: noop ================================= Candidate: CAN-1999-0235 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. VOTE: accept ================================= Candidate: CAN-1999-0244 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: NAI:NAI-23 Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. VOTE: accept ================================= Candidate: CAN-1999-0255 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Buffer overflow in ircd allows arbitrary command execution. VOTE: noop ================================= Candidate: CAN-1999-0256 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:war-ftpd Buffer overflow in War FTP allows remote execution of commands. VOTE: accept ================================= Candidate: CAN-1999-0276 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF mSQL v2.0.1 and below allows remote execution through a buffer overflow. VOTE: accept, additional ref Sekure SDI Advisory sekure.01-99.msql http://www.sekure.org ================================= Candidate: CAN-1999-0297 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: NAI:NAI-3 Buffer overflow in Vixie Cron 2.1 allows local users to obtain root access. VOTE: recast, This appears to be the same as the Cron BO reported in CIAC H-17 which affects versions of the vixie cron package up to and including 3.0 ================================= Candidate: CAN-1999-0315 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:fdformat-bo Buffer overflow in Solaris fdformat command gives root access to local users. VOTE: accept, add ref Sun Security Bulletin 00138 http://sunsolve.sun.com/ ================================= Candidate: CAN-1999-0317 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:su-bo Buffer overflow in Linux su command gives root access to local users. VOTE: noop ================================= Candidate: CAN-1999-0318 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:xmcd-envbo Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. VOTE: noop ================================= Candidate: CAN-1999-0319 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:xmcd-tiflestr Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. VOTE: noop ================================= Candidate: CAN-1999-0339 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: XF:sol-sun-libauth Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. VOTE: accept, Sun never did release a bulletin for this BO but did release patches for affected systems.add ref, RSI Alert Advisory RSI.0007.05-26-98 www.repsec.com ================================= Candidate: CAN-1999-0373 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: ISS:Buffer Overflow in "Super" package in Debian Linux Buffer overflow in the "Super" utility in Debian Linux and other operating systems allows local users to execute commands as root. VOTE: accept ================================= Candidate: CAN-1999-0375 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: NAI:February 16, 1999 Reference: BUGTRAQ:Feb16,1999 Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. VOTE: noop ================================= Candidate: CAN-1999-0405 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990623 Assigned: 19990607 Category: SF Reference: HERT:002 Reference: BUGTRAQ:Feb18,1999 A buffer overflow in lsof allows local users to obtain root privilege. VOTE: accept
|
||||
