[PROPOSAL] Cluster 50 - UNIX-UNCONF (42 candidates)
This cluster contains various problems on the Unix platform, many of which are in third party software. They may not be confirmed by the vendor.

Proposed: 12/21
Scheduled Proposed: 12/20
Scheduled Interim Decision: 1/3
Scheduled Final Decision: 1/7

- Steve

Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-1999-0189
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: SUN:00142

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

VOTE:

=================================
Candidate: CAN-1999-0389
Published:
Final-Decision:
Interim-Decision:
Modified: 19991207-01
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: DEBIAN:19990104
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: BID:324

Buffer overflow in the bootp server in the Debian Linux netstd package.

VOTE:

=================================
Candidate: CAN-1999-0390
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: BID:187

Buffer overflow in Dosemu Slang library in Linux.

VOTE:

=================================
Candidate: CAN-1999-0676
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:sun-stdcm-convert
Reference: BID:575
Reference: BUGTRAQ:19990808 stdcm_convert

stdcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0678
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: XF:apache-debian-usrdoc
Reference: BUGTRAQ: An issue with Apache on Debian

A default configuration of Apache on Debian Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

VOTE:

=================================
Candidate: CAN-1999-0697
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: BID:621

SCO Doctor allows local users to gain root privileges through a Tools option.

VOTE:

=================================
Candidate: CAN-1999-0698
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

VOTE:

=================================
Candidate: CAN-1999-0711
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: XF:oracle-oratclsh

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.

VOTE:

=================================
Candidate: CAN-1999-0720
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:597
Reference: XF:linux-pt-chown

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

VOTE:

=================================
Candidate: CAN-1999-0727
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

VOTE:

=================================
Candidate: CAN-1999-0733
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
Reference: XF:linux-vmware-buffer-overflows

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0740
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:594
Reference: XF:linux-telnetd-term
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01

Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0746
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Reference: BID:587
Reference: XF:suse-identd-dos

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0747
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: BID:589
Reference: XF:bsdi-smp-dos

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.

VOTE:

=================================
Candidate: CAN-1999-0754
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:inn-innconf-env
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0773
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: XF:sol-lpset-bo

Buffer overflow in Solaris lpset program allows local users to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0780
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

VOTE:

=================================
Candidate: CAN-1999-0781
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

VOTE:

=================================
Candidate: CAN-1999-0782
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0785
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: XF:inn-pathrun

The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

VOTE:

=================================
Candidate: CAN-1999-0786
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6
Reference: BID:659

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0787
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:660

The SSH authentication agent follows symlinks via a UNIX domain socket.

VOTE:

=================================
Candidate: CAN-1999-0795
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: NAI:NAI-27

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

VOTE:

=================================
Candidate: CAN-1999-0797
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: CIAC:I-070

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

VOTE:

=================================
Candidate: CAN-1999-0798
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981204 bootpd remote vulnerability

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

VOTE:

=================================
Candidate: CAN-1999-0799
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.

VOTE:

=================================
Candidate: CAN-1999-0803
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: IBM eNetwork Firewall for AIX

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0806
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:cde-dtprintinfo

Buffer overflow in Solaris dtprintinfo program.

VOTE:

=================================
Candidate: CAN-1999-0813
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0

Cfingerd does not properly drop privileges when it executes a program on behalf of the user being fingered, allowing local users to gain root privileges.

VOTE:

=================================
Candidate: CAN-1999-0888
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Reference: BID:585

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.

VOTE:

=================================
Candidate: CAN-1999-0893
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow

userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0903
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)

genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

VOTE:

=================================
Candidate: CAN-1999-0906
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: BID:656

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0908
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 solaris DoS
Reference: BID:655

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

VOTE:

=================================
Candidate: CAN-1999-0912
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

VOTE:

=================================
Candidate: CAN-1999-0920
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d

Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

VOTE:

=================================
Candidate: CAN-1999-0942
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit

UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.

VOTE:

=================================
Candidate: CAN-1999-0952
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990126 Buffer overflow in Solaris 2.6/2.7 /usr/bin/lpstat

Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0958
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.

sudo 1.5.x allows local users to execute arbitrary commands via a ... (dot dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0961
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?

HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

VOTE:

=================================
Candidate: CAN-1999-0966
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: L0PHT:19970127 Solaris libc - getopt(3)

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

VOTE:

=================================
Candidate: CAN-1999-0971
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

VOTE: