|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster LEGACY-CERT - 53 candidates
I am proposing cluster LEGACY-CERT for review and voting by the Editorial Board. Name: LEGACY-CERT Description: Candidates announced in CERT advisories from 1998 and earlier Size: 53 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-1999-1021 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1021 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-15 Reference: URL:http://www.cert.org/advisories/CA-1992-15.html Reference: SUN:00117 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba Reference: BID:47 Reference: URL:http://www.securityfocus.com/bid/47 NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. Analysis ---------------- ED_PRI CAN-1999-1021 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1032 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1032 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:CA-1991-11 Reference: URL:http://www.cert.org/advisories/CA-1991-11.html Reference: BID:26 Reference: URL:http://www.securityfocus.com/bid/26 Vulnerability in LAT/Telnet Gateway on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1032 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1034 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1034 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-08 Reference: URL:http://www.cert.org/advisories/CA-1991-08.html Reference: BID:23 Reference: URL:http://www.securityfocus.com/bid/23 Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1034 1 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1041 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1041 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980827 SCO mscreen vul. Reference: URL:http://www.securityfocus.com/archive/1/10420 Reference: BUGTRAQ:19980926 Root exploit for SCO OpenServer. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90686250717719&w=2 Reference: SCO:SB-98.05a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-98.05a Reference: CERT:VB-98.10 Reference: URL:http://www.cert.org/vendor_bulletins/VB-98.10.sco.mscreen Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file. Analysis ---------------- ED_PRI CAN-1999-1041 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1056 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1056 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-18 Reference: URL:http://www.cert.org/advisories/CA-1992-18.html Vulnerability in VMS 5.0 through 5.4-2 allows local users to gain privileges via the Monitor utility. Analysis ---------------- ED_PRI CAN-1999-1056 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1057 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1057 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-07 Reference: URL:http://www.cert.org/advisories/CA-1990-07.html Reference: CIAC:B-04 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml Reference: BID:12 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=12 VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. Analysis ---------------- ED_PRI CAN-1999-1057 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1059 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-04 Reference: URL:http://www.cert.org/advisories/CA-1992-04.html Reference: BID:36 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=36 Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. Analysis ---------------- ED_PRI CAN-1999-1059 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1090 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1090 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-15 Reference: URL:http://www.cert.org/advisories/CA-1991-15.html Reference: XF:ftp-ncsa(1844) Reference: URL:http://xforce.iss.net/static/1844.php The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. Analysis ---------------- ED_PRI CAN-1999-1090 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1098 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1098 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1995-03 Reference: URL:http://www.cert.org/advisories/CA-1995-03.html Reference: CIAC:F-12 Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. Analysis ---------------- ED_PRI CAN-1999-1098 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1103 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1103 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:VB-96.05 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec Reference: CIAC:G-18 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml Reference: MISC:http://www.tao.ca/fire/bos/0209.html dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. Analysis ---------------- ED_PRI CAN-1999-1103 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1115 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1115 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-04 Reference: URL:http://www.cert.org/advisories/CA-1990-04.html Reference: BID:7 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=7 Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). Analysis ---------------- ED_PRI CAN-1999-1115 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1119 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1119 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1992-09 Reference: URL:http://www.cert.org/advisories/CA-1992-09.html Reference: BID:41 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=41 Reference: XF:aix-anon-ftp(3154) Reference: URL:http://xforce.iss.net/static/3154.php FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. Analysis ---------------- ED_PRI CAN-1999-1119 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1121 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1992-06 Reference: URL:http://www.cert.org/advisories/CA-1992-06.html Reference: BID:38 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=38 Reference: XF:ibm-uucp(554) Reference: URL:http://xforce.iss.net/static/554.php The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1121 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1122 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1122 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1989-02 Reference: URL:http://www.cert.org/advisories/CA-1989-02.html Reference: BID:3 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=3 Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1122 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1131 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1131 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:VB-97.12 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup Reference: CIAC:I-060 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml Reference: SGI:19980601-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX Reference: XF:sgi-osf-dce-dos(1123) Reference: URL:http://xforce.iss.net/static/1123.php Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. Analysis ---------------- ED_PRI CAN-1999-1131 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1138 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1138 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1993-13 Reference: URL:http://www.cert.org/advisories/CA-1993-13.html Reference: XF:sco-homedir(546) Reference: URL:http://xforce.iss.net/static/546.php SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. Analysis ---------------- ED_PRI CAN-1999-1138 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1140 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1140 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971214 buffer overflows in cracklib?! Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2 Reference: CERT:VB-97.16 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib Reference: XF:cracklib-bo(1539) Reference: URL:http://xforce.iss.net/static/1539.php Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. Analysis ---------------- ED_PRI CAN-1999-1140 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1142 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1142 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-11 Reference: URL:http://www.cert.org/advisories/CA-1992-11.html Reference: XF:sun-env(3152) Reference: URL:http://xforce.iss.net/static/3152.php SunOS 4.1.2 and earlier allows local users to gain privileges in certain dynamically linked setuid or setgid programs that change the real and effective user ids to the same user, via "LD_*" environmental variables. Analysis ---------------- ED_PRI CAN-1999-1142 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1162 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1162 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1993-08 Reference: URL:http://www.cert.org/advisories/CA-1993-08.html Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. Analysis ---------------- ED_PRI CAN-1999-1162 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1193 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1193 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-06 Reference: URL:http://www.cert.org/advisories/CA-1991-06.html Reference: XF:next-me(581) Reference: URL:http://xforce.iss.net/static/581.php Reference: BID:20 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=20 The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. Analysis ---------------- ED_PRI CAN-1999-1193 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1194 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1194 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:CA-1991-05 Reference: URL:http://www.cert.org/advisories/CA-1991-05.html Reference: BID:17 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=17 Reference: XF:dec-chroot(577) Reference: URL:http://xforce.iss.net/static/577.php chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1194 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1197 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1197 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-12 Reference: URL:http://www.cert.org/advisories/CA-1990-12.html Reference: BID:14 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=14 TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1197 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1198 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1198 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-06 Reference: URL:http://www.cert.org/advisories/CA-1990-06.html Reference: CIAC:B-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml Reference: BID:11 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=11 BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1198 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1209 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1209 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971204 scoterm exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2 Reference: CERT:VB-97.14 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm Reference: XF:sco-scoterm(690) Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1209 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1215 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1215 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CIAC:D-21 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml Reference: CERT:CA-1993-12 Reference: URL:http://www.cert.org/advisories/CA-1993-12.html Reference: XF:novell-login(545) Reference: URL:http://xforce.iss.net/static/545.php LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1215 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1216 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1216 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1993-07 Reference: URL:http://www.cert.org/advisories/CA-1993-07.html Reference: CIAC:D-15 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-15.shtml Reference: XF:cisco-sourceroute(541) Reference: URL:http://xforce.iss.net/static/541.php Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command. Analysis ---------------- ED_PRI CAN-1999-1216 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1218 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1218 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1993-04 Reference: URL:http://www.cert.org/advisories/CA-1993-04.html Reference: XF:amiga-finger(522) Reference: URL:http://xforce.iss.net/static/522.php Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files. Analysis ---------------- ED_PRI CAN-1999-1218 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1219 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1219 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:CA-1994-13 Reference: URL:http://www.cert.org/advisories/CA-1994-13.html Reference: AUSCERT:AA-94.04a Reference: CIAC:E-33 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-33.shtml Reference: XF:sgi-prn-mgr(511) Reference: URL:http://xforce.iss.net/static/511.php Reference: BID:468 Reference: URL:http://www.securityfocus.com/bid/468 Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command. Analysis ---------------- ED_PRI CAN-1999-1219 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1252 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1252 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:VB-96.15 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.15.sco Reference: SCO:96:002 Reference: URL:ftp://ftp.sco.COM/SSE/security_bulletins/SB.96:02a Reference: XF:sco-system-call(1966) Reference: URL:http://xforce.iss.net/static/1966.php Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1252 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1253 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1253 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:VB-96.10 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.10.sco Reference: SCO:96:001 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB.96:01a Reference: XF:sco-kernel(1965) Reference: URL:http://xforce.iss.net/static/1965.php Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1253 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1295 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1295 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:VB-96.16 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.16.transarc Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS. Analysis ---------------- ED_PRI CAN-1999-1295 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1306 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1306 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:CA-1992-20 Reference: URL:http://www.cert.org/advisories/CA-1992-20.html Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters. Analysis ---------------- ED_PRI CAN-1999-1306 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1309 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1309 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here) Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html Reference: BUGTRAQ:19940315 so... Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html Reference: BUGTRAQ:19940315 anyone know details? Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html Reference: BUGTRAQ:19940327 sendmail exploit script - resend Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html Reference: CERT:CA-1994-12 Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option Analysis ---------------- ED_PRI CAN-1999-1309 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1312 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1312 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1993-05 Reference: URL:http://www.cert.org/advisories/CA-1993-05.html Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges. Analysis ---------------- ED_PRI CAN-1999-1312 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1391 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1391 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-06 Reference: URL:http://www.cert.org/advisories/CA-1990-06.html Reference: CIAC:B-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml Reference: BID:10 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=10 Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions. Analysis ---------------- ED_PRI CAN-1999-1391 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1392 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1392 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-06 Reference: URL:http://www.cert.org/advisories/CA-1990-06.html Reference: CIAC:B-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml Reference: BID:9 Reference: URL:http://www.securityfocus.com/bid/9 Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1392 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1395 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1395 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-18 Reference: URL:http://www.cert.org/advisories/CA-1992-18.html Reference: CERT:CA-92.16 Reference: URL:http://www.cert.org/advisories/CA-92.16.VMS.Monitor.vulnerability Reference: BID:51 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=51 Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1395 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1396 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1396 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-15 Reference: URL:http://www.cert.org/advisories/CA-1992-15.html Reference: BID:49 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=49 Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash). Analysis ---------------- ED_PRI CAN-1999-1396 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1415 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1415 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-91.13 Reference: URL:http://www.cert.org/advisories/CA-91.13.Ultrix.mail.vulnerability Reference: BID:27 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=27 Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1415 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1438 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1438 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-01 Reference: URL:http://www.cert.org/advisories/CA-91.01a.SunOS.mail.vulnerability Reference: SUN:00105 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/105 Reference: BID:15 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=15 Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments. Analysis ---------------- ED_PRI CAN-1999-1438 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1467 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1467 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1989-07 Reference: URL:http://www.cert.org/advisories/CA-1989-07.html Reference: BID:5 Reference: URL:http://www.securityfocus.com/bid/5 Reference: XF:sun-rcp(3165) Reference: URL:http://xforce.iss.net/static/3165.php Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user. Analysis ---------------- ED_PRI CAN-1999-1467 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1468 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1468 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.unix.geek.org.uk/~arny/www.8lgm.org/1.UNIX.rdist.23-Apr-1991 Reference: CERT:CA-91.20 Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability Reference: BID:31 Reference: URL:http://www.securityfocus.com/bid/31 rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. Analysis ---------------- ED_PRI CAN-1999-1468 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1471 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1471 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:CA-1989-01 Reference: URL:http://www.cert.org/advisories/CA-1989-01.html Reference: BID:4 Reference: URL:http://www.securityfocus.com/bid/4 Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field. Analysis ---------------- ED_PRI CAN-1999-1471 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1506 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1506 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-01 Reference: URL:http://www.cert.org/advisories/CA-90.01.sun.sendmail.vulnerability Reference: BID:6 Reference: URL:http://www.securityfocus.com/bid/6 Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin. Analysis ---------------- ED_PRI CAN-1999-1506 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1507 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1507 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1993-03 Reference: URL:http://www.cert.org/advisories/CA-1993-03.html Reference: BID:59 Reference: URL:http://www.securityfocus.com/bid/59 Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. Analysis ---------------- ED_PRI CAN-1999-1507 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1554 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1554 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-08 Reference: URL:http://www.cert.org/advisories/CA-1990-08.html Reference: BID:13 Reference: URL:http://www.securityfocus.com/bid/13 /usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users. Analysis ---------------- ED_PRI CAN-1999-1554 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1558 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1558 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CIAC:I-071A Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-071a.shtml Reference: CERT:VB-98.07 Reference: BID:161 Reference: URL:http://www.securityfocus.com/bid/161 Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled. Analysis ---------------- ED_PRI CAN-1999-1558 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1123 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1123 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1991-07 Reference: URL:http://www.cert.org/advisories/CA-1991-07.html Reference: SUN:00107 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/107&type=0&nav=sec.sba Reference: BID:21 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=21 Reference: BID:22 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=22 Reference: XF:sun-sourcetapes(582) Reference: URL:http://xforce.iss.net/static/582.php The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall. Analysis ---------------- ED_PRI CAN-1999-1123 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1185 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1185 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980827 SCO mscreen vul. Reference: BUGTRAQ:19980926 Root exploit for SCO OpenServer. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90686250717719&w=2 Reference: CERT:VB-98.10 Reference: SCO:98.05 Reference: XF:sco-openserver-mscreen-bo(1379) Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file. Analysis ---------------- ED_PRI CAN-1999-1185 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Multiple problems are implied in the SCO advisory, but only the TERM problem appears to have been publicized. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1211 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1211 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-02 Reference: URL:http://www.cert.org/advisories/CA-1991-02.html Reference: XF:sun-intelnetd(574) Reference: URL:http://xforce.iss.net/static/574.php Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1211 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-EXEC CD:SF-LOC says to separate the in.telnetd and in.rlogind problems because the in.rlogind problem appears in 4.0.3, but not 4.1. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1212 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1212 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-02 Reference: URL:http://www.cert.org/advisories/CA-1991-02.html Reference: XF:sun-intelnetd(574) Reference: URL:http://xforce.iss.net/static/574.php Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-1999-1212 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-EXEC CD:SF-EXEC says to separate the in.telnetd and in.rlogind problems because the in.rlogind problem appears in 4.0.3, but not 4.1. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1466 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1466 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-20 Reference: URL:http://www.cert.org/advisories/CA-1992-20.html Reference: BID:53 Reference: URL:http://www.securityfocus.com/bid/53 Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword. Analysis ---------------- ED_PRI CAN-1999-1466 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1493 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1493 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1991-23 Reference: URL:http://www.cert.org/advisories/CA-1991-23.html Reference: BID:34 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=34 Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk(). Analysis ---------------- ED_PRI CAN-1999-1493 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
