[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-UNIX-ADV - 79 candidates



I am proposing cluster LEGACY-UNIX-ADV for review and voting by the
Editorial Board.

Name: LEGACY-UNIX-ADV
Description: Candidates announced in Unix vendor advisories, 1999 and earlier
Size: 79

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980408 SGI O2 ipx security issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89217373930054&w=2
Reference: SGI:19980501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980501-01-P2869
Reference: CIAC:I-055
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-055.shtml

Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on
IRIX 6.3 and 6.4 allows local users to gain root access via a modified
IFS environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: COMPAQ:SSRT0495U
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: CIAC:I-050
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX
V4.0 through V4.0d allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1044 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit
Reference: URL:http://www.securityfocus.com/archive/1/10542
Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2
Reference: DEBIAN:19980909 problem with very long pathnames
Reference: URL:http://www.debian.org/security/1998/19980909
Reference: XF:linux-bash-bo(3414)
Reference: URL:http://xforce.iss.net/static/3414.php

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local
attackers to gain privileges by creating an extremely large directory
name, which is inserted into the password prompt via the \w option in
the PS1 environmental variable when another user changes into that
directory.

Analysis
----------------
ED_PRI CAN-1999-1048 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:H-15A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml
Reference: AUSCERT:AA-96.17
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul
Reference: SGI:19980405-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I
Reference: XF:ksh-suid_exec(2100)
Reference: URL:http://xforce.iss.net/static/2100.php
Reference: BID:467
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=467

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and
earlier, and possibly other operating systems, allows local users to
gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1114 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19970503-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX
Reference: BID:462
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=462
Reference: XF:sgi-runpriv(2108)
Reference: URL:http://xforce.iss.net/static/2108.php

Vulnerability in runpriv in Indigo Magic System Administration
subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root
privileges.

Analysis
----------------
ED_PRI CAN-1999-1116 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00165
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba
Reference: BID:433
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=433
Reference: XF:sun-ndd(817)
Reference: URL:http://xforce.iss.net/static/817.php

ndd in Solaris 2.6 allows local users to cause a denial of service by
modifying certain TCP/IP parameters.

Analysis
----------------
ED_PRI CAN-1999-1118 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970104 Irix: netprint story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2
Reference: SGI:19961203-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX
Reference: SGI:19961203-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX
Reference: BID:395
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=395
Reference: XF:sgi-netprint(2107)
Reference: URL:http://xforce.iss.net/static/2107.php

netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental
variable for finding and executing the disable program, which allows
local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1120 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9709-069
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019776&w=2
Reference: XF:hp-vue/dt(499)
Reference: URL:http://xforce.iss.net/static/499.php

HP-UX 9.x and 10.x running X windows may allow local attackers to gain
privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad,
which do not authenticate users.

Analysis
----------------
ED_PRI CAN-1999-1133 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9404-008
Reference: URL:http://packetstorm.securify.com/advisories/hpalert/008
Reference: CIAC:E-23
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-23.shtml

Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root
privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.

Analysis
----------------
ED_PRI CAN-1999-1134 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9504-027
Reference: URL:http://packetstorm.securify.com/advisories/hpalert/027
Reference: XF:hp-vue(2284)
Reference: URL:http://xforce.iss.net/static/2284.php

Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root
privileges, as fixed by PHSS_4994 and PHSS_5438.

Analysis
----------------
ED_PRI CAN-1999-1135 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9807-081
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html
Reference: HP:HPSBMP9807-005
Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html
Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2
Reference: CIAC:I-081
Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml
Reference: XF:mpeix-predictive(1413)
Reference: URL:http://xforce.iss.net/static/1413.php

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5
and earlier, allows attackers to compromise data transfer for
Predictive messages (using e-mail or modem) between customer and
Response Center Predictive systems.

Analysis
----------------
ED_PRI CAN-1999-1136 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CIAC:E-01
Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:sun-audio(549)
Reference: URL:http://xforce.iss.net/static/549.php

The permissions for the /dev/audio device on Solaris 2.2 and earlier,
and SunOS 4.1.x, allow any local user to read from the device, which
could be used by an attacker to monitor conversations happening near a
machine that has a microphone.

Analysis
----------------
ED_PRI CAN-1999-1137 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9801-074
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier
allows local users to overwrite arbitrary files and gain root
privileges via a symlink attack on the IOERROR.mytty file.

Analysis
----------------
ED_PRI CAN-1999-1139 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:H-065
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml
Reference: SGI:19970504-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX
Reference: XF:sgi-rld(2109)
Reference: URL:http://xforce.iss.net/static/2109.php

Vulnerability in runtime linker program rld in SGI IRIX 6.x and
earlier allows local users to gain privileges via setuid and setgid
programs.

Analysis
----------------
ED_PRI CAN-1999-1143 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-051
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html
Reference: XF:hp-mpower(2056)
Reference: URL:http://xforce.iss.net/static/2056.php

Certain files in MPower in HP-UX 10.x are installed with insecure
permissions, which allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1144 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9701-044
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: XF:hp-glanceplus(2059)
Reference: URL:http://xforce.iss.net/static/2059.php

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and
earlier allows local users to access arbitrary files and gain
privileges.

Analysis
----------------
ED_PRI CAN-1999-1145 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9405-011
Reference: URL:http://www.securityfocus.com/advisories/1555
Reference: XF:hp-glanceplus-gpm(2060)
Reference: URL:http://xforce.iss.net/static/2060.php

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x
and earlier allows local users to access arbitrary files and gain
privileges.

Analysis
----------------
ED_PRI CAN-1999-1146 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: AUSCERT:AA-97.09
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul
Reference: SUN:00139
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/139&type=0&nav=sec.sba

Buffer overflow in (1) pluggable authentication module (PAM) on
Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3
allows local users to gain root privileges via programs that use these
modules such as passwd, yppasswd, and nispasswd.

Analysis
----------------
ED_PRI CAN-1999-1158 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9702-055
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2
Reference: CIAC:H-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml

Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and
possibly remote users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1160 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1161
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1161
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961103 Re: Untitled
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2
Reference: BUGTRAQ:19961104 ppl bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2
Reference: HP:HPSBUX9704-057
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html
Reference: CIAC:H-32
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml
Reference: AUSCERT:AA-97.07

Vulnerability in ppl in HP-UX 10.x and earlier allows local users to
gain root privileges by forcing ppl to core dump.

Analysis
----------------
ED_PRI CAN-1999-1161 1
Vendor Acknowledgement: yes advisory

The AUSCERT advisory explicitly states that this is different than
another HP-UX ppl vulnerability, CVE-1999-0324.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9911-105
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2

Vulnerability in HP Series 800 S/X/V Class servers allows remote
attackers to gain access to the S/X/V Class console via the Service
Support Processor (SSP) Teststation.

Analysis
----------------
ED_PRI CAN-1999-1163 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:J-003
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml
Reference: SGI:19980901-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX

Vulnerability in On-Line Customer Registration software for IRIX 6.2
through 6.4 allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1181 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19980403-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980403-02-PX
Reference: SGI:19980403-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980403-01-PX

System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote
attackers to execute commands by providing a trojan horse (1) runtask
or (2) runexec descriptor file, which is used to execute a System
Manager Task when the user's Mailcap entry supports the x-sgi-task or
x-sgi-exec type.

Analysis
----------------
ED_PRI CAN-1999-1183 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2
Reference: AUSCERT:AA-97.18
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul
Reference: SUN:00144
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144
Reference: BID:207
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=207

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local
users to gain root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-1999-1191 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00143
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143
Reference: BID:206
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=206

Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local
users to gain root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-1999-1192 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1205
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2
Reference: HP:HPSBUX9607-035
Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08
Reference: CIAC:G-34
Reference: XF:hp-nettune(414)

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which
allows local users to cause a denial of service by modifying critical
networking configuration information.

Analysis
----------------
ED_PRI CAN-1999-1205 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9710-070
Reference: URL:http://www2.dataguard.no/bugtraq/1997_4/0001.html
Reference: XF:hp-telnetdos(571)
Reference: URL:http://xforce.iss.net/static/571.php

Vulnerability in telnet service in HP-UX 10.30 allows attackers to
cause a denial of service.

Analysis
----------------
ED_PRI CAN-1999-1213 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
Reference: URL:http://www.openbsd.com/advisories/signals.txt
Reference: XF:openbsd-iosig(556)
Reference: URL:http://xforce.iss.net/static/556.php

Vulnerability in asynchronous I/O facility in 4.4 BSD kernel does not
check user credentials when initializing I/O notification, which
allows local users to cause a denial of service by specifying an
arbitrary process ID to be signaled via a socket or device file
descriptor via certain ioctl and fcntl calls

Analysis
----------------
ED_PRI CAN-1999-1214 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9409-017
Reference: URL:http://www.securityfocus.com/advisories/1531
Reference: XF:hp-core-diag-fileset(2262)
Reference: URL:http://xforce.iss.net/static/2262.php

Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05
and earlier allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1238 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9407-015
Reference: URL:http://www.securityfocus.com/advisories/1559
Reference: XF:hp-xauthority(2261)
Reference: URL:http://xforce.iss.net/static/2261.php

HP-UX 9.x does not properly enable the Xauthority mechanism in certain
conditions, which could allow local users to access the X display even
when they have not explicitly been authorized to do so.

Analysis
----------------
ED_PRI CAN-1999-1239 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9402-003
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/003
Reference: XF:hp-subnet-config(2162)
Reference: URL:http://xforce.iss.net/static/2162.php

Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users
to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1242 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:F-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Reference: SGI:19950301-01-P373
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Reference: XF:sgi-permissions(2113)
Reference: URL:http://xforce.iss.net/static/2113.php

SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local
users to modify permissions for arbitrary files and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1243 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9402-006
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/006
Reference: XF:hp-dce9000(2061)
Reference: URL:http://xforce.iss.net/static/2061.php

Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x
allows attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1247 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9411-019
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/019
Reference: XF:hp-supportwatch(2058)
Reference: URL:http://xforce.iss.net/static/2058.php

Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through
9.0 allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1248 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-047
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html
Reference: XF:hp-movemail(2057)
Reference: URL:http://xforce.iss.net/static/2057.php

movemail in HP-UX 10.20 has insecure permissions, which allows local
users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1249 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9612-043
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/043
Reference: XF:hp-audio-panic(2010)
Reference: URL:http://xforce.iss.net/static/2010.php

Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10
allows local users to cause a denial of service.

Analysis
----------------
ED_PRI CAN-1999-1251 1
Vendor Acknowledgement: yes advisory

THe HP advisory, dated December 24, 1996, vaguely alludes to a mailing
list post; it may be referring to BUGTRAQ:19961126 Major Security
Vulnerabilities in Remote CD Databases in which case, it could have
been XMCD that was on HP-UX 10.10/.20; if so, then there may be a
duplicate CAN/CVE for this issue. However, the Bugtraq post does not
describe a "system panic" outcome like the HP advisory does, but it
mentions the possibility of arbitrary code execution, unlike the HP
advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00102
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102
Reference: XF:sun-pwdauthd(1782)
Reference: URL:http://xforce.iss.net/static/1782.php

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent
remote access to the daemon, which allows remote attackers to obtain
sensitive system information.

Analysis
----------------
ED_PRI CAN-1999-1258 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges
Reference: URL:http://www.debian.org/security/1998/19981207
Reference: XF:fte-console-privileges(1609)
Reference: URL:http://xforce.iss.net/static/1609.php

fte-console in the fte package before 0.46b-4.1 does not drop root
privileges, which allows local users to gain root access via the
virtual console device.

Analysis
----------------
ED_PRI CAN-1999-1276 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Reference: URL:http://www.securityfocus.com/archive/1/11397
Reference: CALDERA:SA-1998.35
Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt
Reference: XF:samba-wsmbconf(1406)
Reference: URL:http://xforce.iss.net/static/1406.php

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf,
which is installed with incorrect permissions including the setgid
bit, which allows local users to read and write files and possibly
gain privileges via bugs in the program.

Analysis
----------------
ED_PRI CAN-1999-1288 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: FREEBSD:FreeBSD-SA-97:03
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous
FTP, creates the ftp user without a password and with /bin/date as the
shell, which could allow attackers to gain access to certain system
resources.

Analysis
----------------
ED_PRI CAN-1999-1298 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1301
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:G-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc

A design flaw in the Z-Modem protocol allows the remote sender of a
file to execute arbitrary programs on the client, as implemented in rz
in the rzsz module of FreeBSD before 2.1.5, and possibly other
programs.

Analysis
----------------
ED_PRI CAN-1999-1301 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local
users to gain root access.

Analysis
----------------
ED_PRI CAN-1999-1302 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users
to gain root access.

Analysis
----------------
ED_PRI CAN-1999-1303 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1304
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1304
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in login in SCO UNIX 4.2 and earlier allows local users
to gain root access.

Analysis
----------------
ED_PRI CAN-1999-1304 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1305
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1305
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local
users to gain root access.

Analysis
----------------
ED_PRI CAN-1999-1305 1
Vendor Acknowledgement: yes advisory

This could be the same as CAN-1999-0033, but that CERT advisory
appears 3 years later and references SSE:sse007, so these are likely
different.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9611-041
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-91.shtml
Reference: CIAC:H-91
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-91.shtml

Certain programs in HP-UX 10.20 do not properly handle large user IDs
(UID) or group IDs (GID) over 60000, which could allow local users to
gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1308 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:F-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-01.shtml
Reference: SGI:19941001-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19941001-01-P
Reference: MISC:http://www.netsys.com/firewalls/firewalls-9410/0019.html

/usr/lib/vadmin/serial_ports in SGI IRIX 5.x and earlier trusts the
PATH environmental variable to find the ls program, which allows local
users to gain root access.

Analysis
----------------
ED_PRI CAN-1999-1310 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9701-046
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml

Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows
local users to bypass authentication and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1311 1
Vendor Acknowledgement: yes advisory

Since HP published an advisory for the authentication problem in 1997,
2 years before CVE-1999-0713 (Compaq dtlogin, no details available) as
well as the separate dtsession buffer overflows described in
CVE-1999-0693 and CAN-2001-0426, it's a reasonable guess that this is
truly a different issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:G-24
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-24.shtml
Reference: FREEBSD:FreeBSD-SA-96:11
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:11.man.asc

Manual page reader (man) in FreeBSD 2.2 and earlier allows local users
to gain privileges via a sequence of commands.

Analysis
----------------
ED_PRI CAN-1999-1313 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:G-24
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-24.shtml
Reference: FREEBSD:FreeBSD-SA-96:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:10.mount_union.asc

Vulnerability in union file system in FreeBSD 2.2 and earlier, and
possibly other operating systems, allows local users to cause a denial
of service (system reload) via a series of certain mount_union
commands.

Analysis
----------------
ED_PRI CAN-1999-1314 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19960101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19960101-01-PX

Vulnerability in object server program in SGI IRIX 5.2 through 6.1
allows remote attackers to gain root privileges in certain
configurations.

Analysis
----------------
ED_PRI CAN-1999-1319 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420095&w=2
Reference: AUSCERT:AA-96.08
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul
Reference: SGI:19961101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I
Reference: BID:470
Reference: URL:http://www.securityfocus.com/bid/470

Indigo Magic System Tour in the SGI system tour package (systour) for
IRIX 5.x through 6.3 allows local users to gain root privileges via a
Trojan horse .exitops program, which is called by the inst command
that is executed by the RemoveSystemTour program.

Analysis
----------------
ED_PRI CAN-1999-1384 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1385
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0).
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420332&w=2
Reference: FREEBSD:FreeBSD-SA-96:20
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local
users to gain privileges via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-1999-1385 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19961201-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961201-01-PX
Reference: BID:463
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=463

Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2
sets insecure permissions for certain user files (iconbook and
searchbook).

Analysis
----------------
ED_PRI CAN-1999-1401 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1409
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980703 more about 'at'
Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html
Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90233906612929&w=2
Reference: NETBSD:NetBSD-SA1998-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
Reference: BID:331
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=331

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local
users to read portions of arbitrary files by submitting the file to at
with the -f argument, which generates error messages that at sends to
the user via e-mail.

Analysis
----------------
ED_PRI CAN-1999-1409 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1411
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: DEBIAN:19981126 new version of fsp fixes security flaw
Reference: URL:http://lists.debian.org/debian-security-announce/1998/debian-security-announce-1998/msg00033.html
Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91228908407679&w=2
Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91244712808780&w=2
Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936850009861&w=2
Reference: BID:316
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=316

The installation of the fsp package 2.71-10 in Debian Linux 2.0 adds
the anonymous FTP user without notifying the administrator, which
could automatically enable anounymous FTP on some servers such as
wu-ftp.

Analysis
----------------
ED_PRI CAN-1999-1411 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1419
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1419
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00148
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148
Reference: BID:219
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=219

Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and
2.4 allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1419 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1423
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319160&w=2
Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319171&w=2
Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319181&w=2
Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319180&w=2
Reference: SUN:00146
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146
Reference: BID:209
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=209

ping in Solaris 2.3 through 2.6 allows local users to cause a denial
of service (crash) via a ping request to a multicast address through
the loopback interface, e.g. via ping -i.

Analysis
----------------
ED_PRI CAN-1999-1423 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1457
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUSE:19991116 thttpd
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt

Buffer overflow in thttpd HTTP server before 2.04-31 allows remote
attackers to execute arbitrary commands via a long date string, which
is not properly handled by the tdate_parse function.

Analysis
----------------
ED_PRI CAN-1999-1457 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1461
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1461
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970507 Irix: misc
Reference: URL:http://www.securityfocus.com/archive/1/6702
Reference: SGI:20001101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Reference: BID:381
Reference: URL:http://www.securityfocus.com/bid/381

inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH
environmental variable to find and execute the ttsession program,
which allows local users to obtain root access by modifying the PATH
to point to a Trojan horse ttsession program.

Analysis
----------------
ED_PRI CAN-1999-1461 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1494
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/675
Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole.
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html
Reference: SGI:19950209-00-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P
Reference: XF:sgi-colorview(2112)
Reference: URL:http://xforce.iss.net/static/2112.php
Reference: BID:336
Reference: URL:http://www.securityfocus.com/bid/336

colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local
attackers to read arbitrary files via the -text argument.

Analysis
----------------
ED_PRI CAN-1999-1494 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990506 AIX Security Fixes Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92601792420088&w=2
Reference: BUGTRAQ:19990825 AIX security summary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93587956513233&w=2
Reference: AIXAPAR:IX80470
Reference: URL:http://www-1.ibm.com/servlet/support/manager?rs=0&rt=0&org=apars&doc=08E0B1A1B85472A1852567C90031BB36
Reference: BID:439
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=439

Vulnerability in ptrace in AIX 4.3 allows local users to gain
privileges by attaching to a setgid program.

Analysis
----------------
ED_PRI CAN-1999-1079 2
Vendor Acknowledgement: yes patch

Without detailed information, it is uncertain to know if this is
related to CVE-1999-0694 (which doesn't list this APAR). However,
CVE-1999-0694 was announced in July 1999, a while after this report
had been public (7/17/1998).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1297
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUNBUG:1077164
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier
allows attackers with physical access to the system to display
unechoed characters (such as those from password prompts) via the
L2/AGAIN key.

Analysis
----------------
ED_PRI CAN-1999-1297 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUNBUG:1121935
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that
includes the current working directory (.), which allows local users
to gain privileges via Trojan horse programs.

Analysis
----------------
ED_PRI CAN-1999-1318 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1486
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BID:408
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=408
Reference: AIXAPAR:IX75554
Reference: AIXAPAR:IX76853
Reference: AIXAPAR:IX76330

sadc in IBM AIX 4.1 through 4.3 allows local users to overwrite files
via a symlink attack.

Analysis
----------------
ED_PRI CAN-1999-1486 2
Vendor Acknowledgement: yes patch

ABSTRACTION:
This could be related to the sadc problem in other UNIXes as
discovered by 8lgm in 1994, but there are insufficient details to be
sure.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1487
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1487
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: AIXAPAR:IX74599
Reference: URL:http://www-1.ibm.com/servlet/support/manager?rt=0&rs=0&org=apars&doc=41D8B61D1E1C4FAB852567C9002C546C
Reference: BID:405
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=405

Vulnerability in digest in AIX 4.3 allows printq users to gain root
privileges by creating and/or modifing any file on the system.

Analysis
----------------
ED_PRI CAN-1999-1487 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981012 Annoying Solaris/CDE/NIS+ bug
Reference: URL:
Reference: SUNBUG:4115685
Reference: URL:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F106027&zone_32=411568%2A%20
Reference: BID:294
Reference: URL:http://www.securityfocus.com/bid/294

CDE screen lock program (screenlock) on Solaris 2.6 does not properly
lock an unprivileged user's console session when the host is an NIS+
client, which allows others with physical access to login with any
string.

Analysis
----------------
ED_PRI CAN-1999-1025 3
Vendor Acknowledgement: yes in SUNBUG:4115685
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19980502-01-P3030
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980502-01-P3030

Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches
2291 and 2848 allow a local user to create root-owned files leading to
a root compromise.

Analysis
----------------
ED_PRI CAN-1999-1039 3
Vendor Acknowledgement: yes in the referenced bugtraq announcement
Content Decisions: SF-EXEC

ABSTRACTION:
CD:SF-EXEC says to use the same entry for multiple executables that
are in the same package and version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9701-050
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: XF:hp-chsh(2012)
Reference: URL:http://xforce.iss.net/static/2012.php

Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local
users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1088 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961209 the HP Bug of the Week!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420285&w=2
Reference: HP:HPSBUX9701-049
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: CIAC:H-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-16.shtml
Reference: AUSCERT:AA-96.18
Reference: XF:hp-chfn(2008)

Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows
local users to gain privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-1999-1089 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19980301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Reference: XF:irix-cdrom-confidence(1635)
Reference: URL:http://xforce.iss.net/static/1635.php

Buffer overflows in CDROM Confidence Test program (cdrom) allow local
users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1272 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1424
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1424
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00145
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145
Reference: BID:208
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=208

Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions
when adding new users to the NIS+ password table, which allows local
users to gain root access by modifying their password table entries.

Analysis
----------------
ED_PRI CAN-1999-1424 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1425
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1425
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00145
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145
Reference: BID:208
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=208

Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write
permissions on source files for NIS maps, which could allow local
users to gain privileges by modifying /etc/passwd.

Analysis
----------------
ED_PRI CAN-1999-1425 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1426
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1426
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00145
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145
Reference: BID:208
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=208

Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links
when updating an NIS database, which allows local users to overwrite
arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1426 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1427
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1427
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00145
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145
Reference: BID:208
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=208

Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files
insecurely, which allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1427 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1428
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00145
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145
Reference: BID:208
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=208

Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local
users to gain privileges via the save option in the Database Manager,
which is running with setgid bin privileges.

Analysis
----------------
ED_PRI CAN-1999-1428 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1450
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1450
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SCO:SB-99.03b
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.03b
Reference: SCO:SB-99.06b
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.06b
Reference: SCO:SSE020
Reference: URL:ftp://ftp.sco.COM/SSE/sse020.ltr
Reference: SCO:SSE023

Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX
OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier,
allows remote attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1450 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1458
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1458
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: URL:http://www.securityfocus.com/archive/1/12121
Reference: SCO:SSRT0583U
Reference: URL:http://ftp1.support.compaq.com/public/dunix/v4.0d/ssrt0583u.README
Reference: XF:du-at(3138)
Reference: URL:http://xforce.iss.net/static/3138.php

Buffer overflow in at program in Digital UNIX 4.0 allows local users
to gain root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-1999-1458 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

As observed in the Bugtraq post, this may be the same vulnerability as
that discussed in CERT:CA-1997-18 (CAN-1999-0033).  However, there are
insufficient details in the CERT advisory to be certain.  The Compaq
advisory does not reference the CERT advisory, either.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1492
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1492
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: SGI:19980502-01-P3030
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980502-01-P3030
Reference: XF:sgi-diskalign(2104)
Reference: URL:http://xforce.iss.net/static/2104.php
Reference: XF:sgi-diskperf(2103)
Reference: URL:http://xforce.iss.net/static/2103.php
Reference: BID:348
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=348

Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows
local attacker to create arbitrary root owned files, leading to root
privileges.

Analysis
----------------
ED_PRI CAN-1999-1492 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007