[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FINAL DECISION: ACCEPT 3 candidates from CERT cluster




I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve


Candidate Number	CVE Name	Votes
----------------	----------	-----
CAN-1999-0334		CVE-1999-0334	ACCEPT(6)
CAN-1999-0337		CVE-1999-0337	ACCEPT(6)
CAN-1999-0338		CVE-1999-0338	ACCEPT(6)


=================================
Candidate: CAN-1999-0334
Published: 
Final-Decision: 19990705
Interim-Decision: 19990629
Modified: 
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sol-startup
Reference: CERT:CA-93.19.Solaris.Startup.vulnerability

In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local
user with physical access to obtain root access.

VOTES:
ACCEPT (6) Wall, Shostack, Frech, Hill, Northcutt, Christey

=================================
Candidate: CAN-1999-0337
Published: 
Final-Decision: 19990705
Interim-Decision: 19990629
Modified: 
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html
Reference: XF:ibm-bsh

AIX batch queue (bsh) allows local and remote users to gain additional
privileges when network printing is enabled.

VOTES:
ACCEPT (6) Wall, Shostack, Frech, Hill, Northcutt, Christey

=================================
Candidate: CAN-1999-0338
Published: 
Final-Decision: 19990705
Interim-Decision: 19990629
Modified: 
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:ibm-perf-tools
Reference: CERT:CA-94.03.AIX.performance.tools 

AIX Licensed Program Product performance tools allow local users to
gain root access.

VOTES:
ACCEPT (6) Wall, Shostack, Frech, Hill, Northcutt, Christey

Page Last Updated or Reviewed: May 22, 2007