
[PROPOSAL] Cluster LINUX-99 - 26 legacy candidates



The following cluster contains 26 candidates, all of which are
documented in at least one advisory that was published by a Linux
vendor in 1999.

Most candidates have a "priority 1" since they are confirmed by the
vendor.  Others are priority 3 because they are affected by content
decisions.

There are a few 1999 advisories that are not yet covered by
candidates.  They are still being worked on behind the scenes.  In
some cases, the advisory is so abstract that there is not enough
information to tell if it is related to an existing issue or not.
Other advisories are related to various software packages that had
numerous vulnerabilities in a short time, so it requires deeper
analysis to wade through the morass and make sure that there is no
duplication with existing candidates (wu-ftpd/ProFTPD is an example).
Members of the CVE content team are conducting this deeper analysis,
as well as preparing the next round of legacy candidates from all the
Board members (and some non-Board members) who are contributing their
vulnerability databases to this effort.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0352
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_36.txt
Reference: BID:810
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=810

Pine before version 4.21 does not properly filter shell metacharacters
from URLs, which allows remote attackers to execute arbitrary commands
via a malformed URL.


ED_PRI CAN-2000-0352 1


VOTE:

=================================
Candidate: CAN-2000-0353
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt

Pine 4.x allows a remote attacker to execute arbitrary commands via an
index.html file which executes lynx and obtains a uudecoded file from
a malicious web server, which is then executed by Pine.


ED_PRI CAN-2000-0353 1


VOTE:

=================================
Candidate: CAN-2000-0354
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_22.txt
Reference: BID:681
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=681
Reference: XF:mirror-perl-remote-file-creation

mirror 2.8.x in Linux systems allows remote attackers to create files
one level above the local target directory.


ED_PRI CAN-2000-0354 1


VOTE:

=================================
Candidate: CAN-2000-0356
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=697

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not
properly lock access to disabled NIS accounts.


ED_PRI CAN-2000-0356 1


VOTE:

=================================
Candidate: CAN-2000-0359
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
cause a denial of service or execute arbitrary commands via a long
If-Modified-Since header.


ED_PRI CAN-2000-0359 1


VOTE:

=================================
Candidate: CAN-2000-0360
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_34.txt
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to
cause a denial of service via a maliciously formatted article.


ED_PRI CAN-2000-0360 1


VOTE:

=================================
Candidate: CAN-2000-0361
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_35.txt

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a
.config file with world readable permissions, which allows a local
attacker in the dialout group to access login and password
information.


ED_PRI CAN-2000-0361 1


VOTE:

=================================
Candidate: CAN-2000-0362
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738

Buffer overflows in Linux cdwtools 093 and earlier allow local users
to gain root privileges.


ED_PRI CAN-2000-0362 1


VOTE:

=================================
Candidate: CAN-2000-0363
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738

Linux cdwtools 093 and earlier allows local users to gain root
privileges via the /tmp directory.


ED_PRI CAN-2000-0363 1


VOTE:

=================================
Candidate: CAN-2000-0366
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202

dump in Debian Linux 2.1 does not properly restore symlinks, which
allows a local user to modify the ownership of arbitrary files.


ED_PRI CAN-2000-0366 1


VOTE:

=================================
Candidate: CAN-2000-0367
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to
gain root privileges.


ED_PRI CAN-2000-0367 1


VOTE:

=================================
Candidate: CAN-2000-0369
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt

The IDENT server in Caldera Linux 2.3 creates multiple threads for
each IDENT request, which allows remote attackers to cause a denial of
service.


ED_PRI CAN-2000-0369 1


VOTE:

=================================
Candidate: CAN-2000-0370
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt

The debug option in Caldera Linux smail allows remote attackers to
execute commands via shell metacharacters in the -D option for the
rmail command.


ED_PRI CAN-2000-0370 1


VOTE:

=================================
Candidate: CAN-2000-0371
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: XF:kde-mediatool

The libmediatool library used for the KDE mediatool allows local users
to create arbitrary files via a symlink attack.


ED_PRI CAN-2000-0371 1


VOTE:

=================================
Candidate: CAN-2000-0372
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows
a local user to gain root privileges.


ED_PRI CAN-2000-0372 1


VOTE:

=================================
Candidate: CAN-2000-0373
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php

Vulnerabilities in the KDE kvt terminal program allow local users to
gain root privileges.


ED_PRI CAN-2000-0373 1


VOTE:

=================================
Candidate: CAN-2000-0374
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt

The default configuration of kdm in Caldera Linux allows XDMCP
connections from any host, which allows remote attackers to obtain
sensitive information or bypass additional access restrictions.


ED_PRI CAN-2000-0374 1


VOTE:

=================================
Candidate: CAN-2000-0355
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19990920 Security hole in pbpg
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_21.txt
Reference: XF:linux-pb-fileread
Reference: XF:linux-pg-fileread

pg and pb in the SuSE pbpg 1.x package allow an attacker to read
arbitrary files.


ED_PRI CAN-2000-0355 3


VOTE:

=================================
Candidate: CAN-2000-0357
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:058-01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999058-01.html

ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random
numbers, which allows local users to guess the authentication keys.


ED_PRI CAN-2000-0357 3


VOTE:

=================================
Candidate: CAN-2000-0358
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:058-01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999058-01.html

ORBit and gnome-session in Red Hat Linux 6.1 allow remote attackers
to crash a program.


ED_PRI CAN-2000-0358 3


VOTE:

=================================
Candidate: CAN-2000-0364
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990606 RedHat 6.0, /dev/pts permissions bug when using xterm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92877527701347&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92886009012161&w=2
Reference: REDHAT:RHSA1999014_01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999014_01.html
Reference: BID:309
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=309

screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of
tty devices, which allows local users to write to other ttys.


ED_PRI CAN-2000-0364 3


VOTE:

=================================
Candidate: CAN-2000-0365
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: BUGTRAQ:19990606 RedHat 6.0, /dev/pts permissions bug when using xterm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92877527701347&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92886009012161&w=2
Reference: REDHAT:RHSA1999014_01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999014_01.html
Reference: BID:308
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=308

Red Hat Linux 6.0 installs the /dev/pts file system with insecure
modes, which allows local users to write to other tty devices.


ED_PRI CAN-2000-0365 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007