[VOTEPRI] 12 high priority candidates as of 5/1/2000
The following 12 candidates have been assigned a high priority. They are all acknowledged by the software vendor. Some of them need more than one vote for acceptance, so your voting will be appreciated.

The most important of these are CAN-1999-0210 and CAN-1999-0493. CERT activity reports indicate that these bugs are still being exploited.

Also note that CAN-1999-0387 was originally proposed in July 1999, but did not include any references at the time. Since then, Microsoft released a security bulletin about it.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.


KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate. They may be used by the moderator to determine whether or not a candidate is added to CVE. Where there is disagreement, the moderator must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

=================================
Candidate: CAN-1999-0031
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.20.javascript

JavaScript allows remote attackers to monitor a user's web activities.

INFERRED ACTION: CAN-1999-0031 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Wall
   MODIFY(1) Christey
   NOOP(1) Northcutt

Comments:
 Christey> The CERT advisory is at http://www.cert.org/advisories/CA-97.20.javascript.html
 Christey>
 Christey> ADDREF HP:HPSBUX9707-065
 Christey> http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html
 Christey>
 Christey> According to the CERT advisory, this issue affects Internet
 Christey> Explorer 3.x and 4.x, and Netscape 2.x, 3.x, and 4.x.
 Christey> Include this in the description.

VOTE:

=================================
Candidate: CAN-1999-0124
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Reference: XF:gopher-vuln

Vulnerabilities in UMN gopher and gopher+ allow an intruder to read any files that can be accessed by the gopher daemon.

INFERRED ACTION: CAN-1999-0124 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Frech
   NOOP(1) Christey

Comments:
 Christey> Modify the description to include the version numbers
 Christey> 1.12 and 2.0x
 Christey>
 Christey> The advisory is at
 Christey> http://www.cert.org/advisories/CA-93.11.UMN.UNIX.gopher.vulnerability.html
 Christey>

VOTE:

=================================
Candidate: CAN-1999-0210
Published:
Final-Decision:
Interim-Decision:
Modified: 19991130-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88053459921223&w=2
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2
Reference: HP:HPSBUX9910-104
Reference: CERT:CA-99-05

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

Modifications:
   Changed description and added references.

INFERRED ACTION: CAN-1999-0210 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   MODIFY(2) Shostack, Frech
   NOOP(3) Northcutt, Wall, Christey

Comments:
 Shostack> I think there was an SNI advisory on this
 Frech> Not enough information; POSSIBLY XF:sun-automountd (changing mount options)
 Christey>
 Christey> SNI did not publish an advisory; however, Oliver Friedrichs
 Christey> sent a post saying that SNI's security tool tested for it.
 Christey> See http://marc.theaimsgroup.com/?l=bugtraq&m=91553343311719&w=2
 Christey>
 Christey> This is a tough one. There's an old automount bug that's
 Christey> only locally exploitable, then a newer rpc.statd bug allows
 Christey> it to be remotely exploitable. There's at least two bugs,
 Christey> but should there be three?
 Christey>
 Christey> Also see CAN-1999-0493

VOTE:

=================================
Candidate: CAN-1999-0387
Published:
Final-Decision:
Interim-Decision:
Modified: 19991206-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MS:MS99-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp
Reference: MSKB:Q168115
Reference: BID:829
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=829

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.

Modifications:
   ADDREF MS:MS99-052
   ADDREF MSKB:Q168115
   ADDREF BID:829

INFERRED ACTION: CAN-1999-0387 REVOTE (0 accept, 1 review)

Current Votes:
   REVIEWING(1) Frech
   REVOTE(1) Christey

Comments:
 Frech> Term 'legacy' is vague and can be subject to interpretation. Require a
 Frech> reference to establish this vulnerability.
 Christey> Added refs. Interestingly, this candidate was assigned
 Christey> on June 7, 1999, but there were no references until the
 Christey> Microsoft advisory in late November. I have lost the
 Christey> original reference.

VOTE:

=================================
Candidate: CAN-1999-0491
Published:
Final-Decision:
Interim-Decision:
Modified: 20000418-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990420 Bash Bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org
Reference: CALDERA:CSSA-1999-008.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt
Reference: BID:119
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=119

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Modifications:
   CHANGEREF BUGTRAQ [title]
   ADDREF CALDERA:CSSA-1999-008.0

INFERRED ACTION: CAN-1999-0491 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> bash-prompt-pars-dir
 Christey> XF:bash-prompt-pars-dir doesn't exist.
 Christey>
 Christey> ADDREF CALDERA:CSSA-1999-008.0

VOTE:

=================================
Candidate: CAN-1999-0493
Published:
Final-Decision:
Interim-Decision:
Modified: 19991203-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: SUN:00186
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Modifications:
   Added numerous references

INFERRED ACTION: CAN-1999-0493 MOREVOTES-1 (1 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Northcutt
   NOOP(1) Christey

Comments:
 Christey> This candidate has been modified heavily.

VOTE:

=================================
Candidate: CAN-2000-0076
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: URL:http://www.debian.org/security/2000/20000108

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

INFERRED ACTION: CAN-2000-0076 MOREVOTES-2 (0 accept, 1 ack, 0 review)

Current Votes:

VOTE:

=================================
Candidate: CAN-2000-0092
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: BID:939
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=939

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

INFERRED ACTION: CAN-2000-0092 MOREVOTES-2 (0 accept, 1 ack, 1 review)

Current Votes:
   NOOP(1) Wall
   REVIEWING(1) Cole

VOTE:

=================================
Candidate: CAN-2000-0113
Published:
Final-Decision:
Interim-Decision:
Modified: 20000419-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm
Reference: BID:952
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=952

The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.

INFERRED ACTION: CAN-2000-0113 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, Christey

Comments:
 Christey> Sygate confirms this in 01/2000 - Build 563 (Beta) with
 Christey> the comment: "fix to block external telnet to port 7323
 Christey> without enhanced security."

VOTE:

=================================
Candidate: CAN-2000-0157
Published:
Final-Decision:
Interim-Decision:
Modified: 20000321-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc
Reference: XF:netbsd-ptrace

NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.

Modifications:
   ADDREF XF:netbsd-ptrace

INFERRED ACTION: CAN-2000-0157 MOREVOTES-2 (0 accept, 1 ack, 1 review)

Current Votes:
   NOOP(2) Wall, LeBlanc
   REVIEWING(1) Cole

VOTE:

=================================
Candidate: CAN-2000-0229
Published:
Final-Decision:
Interim-Decision:
Modified: 20000424-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000322 gpm-root
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000322182143.4498.qmail@securityfocus.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_45.txt
Reference: REDHAT:RHSA-2000:009-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000009-02.html
Reference: BID:1069
Reference: URL:http://www.securityfocus.com/bid/1069
Reference: XF:linux-gpm-root

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

Modifications:
   ADDREF SUSE:20000405 Security hole in gpm < 1.18.1
   ADDREF REDHAT:RHSA-2000:009-02

INFERRED ACTION: CAN-2000-0229 MOREVOTES-1 (1 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Frech
   NOOP(1) Cole

VOTE:

=================================
Candidate: CAN-2000-0230
Published:
Final-Decision:
Interim-Decision:
Modified: 20000424-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html
Reference: REDHAT:RHSA-2000:016-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000016-02.html
Reference: BID:1060
Reference: URL:http://www.securityfocus.com/bid/1060

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.

Modifications:
   ADDREF REDHAT:RHSA-2000:016-02

INFERRED ACTION: CAN-2000-0230 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:linux-imwheel-bo

VOTE: