[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: PROPOSAL: Cluster 16 - NOREFS (23 candidates)

To: "'Steven M. Christey'" <coley@linus.mitre.org>, cve-editorial-board-list@lists.mitre.org
Subject: RE: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
From: "Northcutt, Stephen, CIV, BMDO/DSC" <Stephen.Northcutt@bmdo.osd.mil>
Date: Wed, 14 Jul 1999 09:08:34 -0400
NOOP ALL

I kind of know some of these, just tried to duplicate the
IIS ../.. I don't want to vote for stuff for which I
have no clue.  There may be a ref for  the apache BO one, 
I know Real Secures get upset about really long URLs,
but I thought that was listed as a CERN problem. Is
WFTP the same as Washington U FTPd?

-----Original Message-----
From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG]
Sent: Wednesday, July 14, 1999 2:31 AM
To: cve-editorial-board-list@lists.mitre.org
Subject: PROPOSAL: Cluster 16 - NOREFS (23 candidates)


The following NOREFS cluster contains 23 candidates.  None of these
candidates has a public reference, although they were likely obtained
from some security tool database.  I looked for a vendor advisory for
most of these candidates and wasn't able to find one.

Proposed: 7/13
Scheduled Proposed: 7/6
Scheduled Interim Decision: 7/19
Scheduled Final Decision: 7/23

- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g.
reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0020
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Buffer overflow in Linux lpr command gives root access.

VOTE:

=================================
Candidate: CAN-1999-0107
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Buffer overflow in HTTP Apache 1.2 or earlier, up to 1.2.5.

VOTE:

=================================
Candidate: CAN-1999-0110
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Buffer overflow in fbformat command in Solaris.

VOTE:

=================================
Candidate: CAN-1999-0114
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Local users can execute commands as other users, and read other users'
files, through the filter command in the Elm elm-2.4 mail package
using a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0115
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

AIX bugfiler program allows local users to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0118
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

AIX infod allows local users to gain root access through an X display.

VOTE:

=================================
Candidate: CAN-1999-0194
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Denial of service in in.comsat allows attackers to generate messages.

VOTE:

=================================
Candidate: CAN-1999-0195
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Denial of service in RPC portmapper allows attackers to register or
unregister RPC services, or spoof RPC services.

VOTE:

=================================
Candidate: CAN-1999-0200
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

WFTP would allow an attacker to log into the FTP server using any
username and password.

VOTE:

=================================
Candidate: CAN-1999-0210
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Automount daemon in Solaris allows local or remote users privileged access,
and access to remote users in conjunction with rpc.statd.

VOTE:

=================================
Candidate: CAN-1999-0217
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Malicious option settings in UDP packets could force a reboot in SunOS
4.1.3 systems.

VOTE:

=================================
Candidate: CAN-1999-0218
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Livingston portmaster machines could be rebooted via a series
of commands.

VOTE:

=================================
Candidate: CAN-1999-0222
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Denial of service in Cisco IOS web server allows attackers to reboot
the router using a long URL.

VOTE:

=================================
Candidate: CAN-1999-0223
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Solaris syslogd crashes when receiving a message from a host that
doesn't have an inverse DNS entry.

VOTE:

=================================
Candidate: CAN-1999-0227
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Denial of service in LSASS.EXE program in Windows NT.

VOTE:

=================================
Candidate: CAN-1999-0229
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Denial of service in Windows NT IIS server using ..\..

VOTE:

=================================
Candidate: CAN-1999-0239
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Netscape FastTrack Web server lists files when a lowercase "get"
command is used instead of an uppercase GET.

VOTE:

=================================
Candidate: CAN-1999-0242
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Remote attackers can access mail files via POP3 in some Linux systems
that are using shadow passwords.

VOTE:

=================================
Candidate: CAN-1999-0243
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Linux cfingerd could be exploited to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0249
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Windows NT RSHSVC program allows remote users to execute arbitrary
commands.

VOTE:

=================================
Candidate: CAN-1999-0286
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

In some NT web servers, appending a space at the end of a URL may
allows attackers to read source code for active pages.

VOTE:

=================================
Candidate: CAN-1999-0287
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Vulnerability in the Wguest CGI program.

VOTE:

=================================
Candidate: CAN-1999-0330
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: SF

Linux bdash game has a buffer overflow that allows local users to
gain root access.

VOTE:
Prev by Date: PROPOSAL: Cluster 17 - MULT2 (14 candidates)
Next by Date: Re: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
Prev by thread: Re: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
Next by thread: PROPOSAL: Cluster 17 - MULT2 (14 candidates)
Index(es):
- Date
- Thread