FINAL DECISION: ACCEPT 1 candidate from VEN-others cluster

• To: cve-editorial-board-list@lists.mitre.org
• Subject: FINAL DECISION: ACCEPT 1 candidate from VEN-others cluster
• From: "Steven M. Christey" <coley@linus.mitre.org>
• Date: Sun, 18 Jul 1999 16:47:07 -0400 (EDT)
• Sender: owner-cve-editorial-board-list@lists.mitre.org

I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve


Candidate       CVE Name
---------       ----------
CAN-1999-0433   CVE-1999-0433


=================================
Candidate: CAN-1999-0433
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUSE:Mar28,1999
Reference: BUGTRAQ:Mar21,1999
Reference: XF:xfree86-temp-directories

XFree86 startx command is vulnerable to a symlink attack, allowing local
users to create files in restricted directories, possibly allowing
them to gain privileges or cause a denial of service.

Modifications:
  ADDREF XF:xfree86-temp-directories

VOTES:
   ACCEPT(4) Shostack, Northcutt, Prosser, Hill
   MODIFY(1) Frech

COMMENTS:
 Frech> Reference: XF:xfree86-temp-directories

• Prev by Date: FINAL DECISION: ACCEPT 10 candidates from VEN-ROUTER cluster
• Next by Date: FINAL DECISION: ACCEPT 9 candidates from VEN-HP cluster
• Prev by thread: FINAL DECISION: ACCEPT 10 candidates from VEN-ROUTER cluster
• Next by thread: FINAL DECISION: ACCEPT 9 candidates from VEN-HP cluster
• Index(es):
  • Date
  • Thread