PROPOSAL: Cluster 26 - VERIFY-BUGTRAQ (23 candidates)



See my email on "When is a vulnerability sufficiently verified to
exist?" for background information regarding this cluster.

- Steve


VERIFY-BUGTRAQ (23 candidates)
--------------------
Scheduled Proposed: 7/27
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Problems discussed on Bugtraq but not seen in VDB's, or not confirmed



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0378
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb22,1999

InterScan VirusWall for Solaris doesn't scan files for viruses when
a single HTTP request includes two GET commands.

VOTE:

=================================
Candidate: CAN-1999-0387
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

A legacy credential caching mechanism used in Windows 95 and Windows
98 systems allowed attackers to read plaintext network passwords.

VOTE:

=================================
Candidate: CAN-1999-0393
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Dec12,1999

Remote attackers can cause a denial of service in Sendmail 8.8.x and
8.9.2 by sending messages with a large number of headers.

VOTE:

=================================
Candidate: CAN-1999-0394
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan15,1999

DPEC Online Courseware allows an attacker to change another user's
password without knowing the original password.

VOTE:

=================================
Candidate: CAN-1999-0398
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan23,1999

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will
allow users with expired accounts to log in.

VOTE:

=================================
Candidate: CAN-1999-0399
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan24,1999

The DCC server command in the mIRC 5.5 client doesn't filter
characters from file names properly, allowing remote attackers to
place a malicious file in a different location, possibly allowing the
attacker to execute commands.

VOTE:

=================================
Candidate: CAN-1999-0400
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Denial of service in Linux 2.2.0 running the ldd command on a core
file.

VOTE:

=================================
Candidate: CAN-1999-0401
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb2,1999

A race condition in Linux 2.2.1 allows local users to read arbitrary
memory from /proc files.

VOTE:

=================================
Candidate: CAN-1999-0406
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:digital-networker-bo

Digital Unix Networker program nsralist has a buffer overflow which
allows local users to obtain root privilege.

VOTE:

=================================
Candidate: CAN-1999-0407
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains
files that can be used as proxies for brute force password attacks, or
to identify valid users on the system.

VOTE:

=================================
Candidate: CAN-1999-0419
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar17,1999

When the Microsoft SMTP service attempts to send a message to a server
and receives a 4xx error code, it quickly and repeatedly attempts to
redeliver the message, causing a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0426
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar19,1999

The default permissions of /dev/kmem in Linux versions before 2.0.36
allow IP spoofing.

VOTE:

=================================
Candidate: CAN-1999-0427
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar20,1999
Reference: XF:eudora-long-attachments

Eudora 4.1 allows remote attackers to perform a denial of service by
sending attachments with long file names.

VOTE:

=================================
Candidate: CAN-1999-0431
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar24,1999

Linux 2.2.3 and earlier allow a remote attacker to perform an IP
fragmentation attack, causing a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0434
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar31,1999
Reference: SF:359

XFree86 xfs command is vulnerable to a symlink attack, allowing
local users to create files in restricted directories, possibly
allowing them to gain privileges or cause a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0443
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr9,1999
Reference: XF:bmc-patrol-replay

Patrol management software allows a remote attacker to conduct a
replay attack to steal the administrator password.

VOTE:

=================================
Candidate: CAN-1999-0444
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr12,1999

Remote attackers can perform a denial of service in Windows machines
using malicious ARP packets, forcing a message box display for each
packet or filling up log files.

VOTE:

=================================
Candidate: CAN-1999-0461
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind
allow a remote attacker to insert and delete entries by spoofing a
source address.

VOTE:

=================================
Candidate: CAN-1999-0462
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan14,1999
Reference: SF:339

suidperl in Linux Perl does not check the nosuid mount option on file
systems, allowing local users to gain root access by placing a setuid
script in a mountable file system, e.g. a CD-ROM or floppy disk.

VOTE:

=================================
Candidate: CAN-1999-0464
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Local users can perform a denial of service in Tripwire 1.2 and
earlier using long filenames.

VOTE:

=================================
Candidate: CAN-1999-0480
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr15,1999

Local attackers can conduct a denial of service in Midnight Commander
4.x with a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0486
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr20,1999

Denial of service in AOL Instant Messenger when a remote attacker
sends a malicious hyperlink to the receiving client, potentially
causing a system crash.

VOTE:

=================================
Candidate: CAN-1999-0491
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr20,1999
Reference: SF:119

The prompt parsing in bash allows a local user to execute commands as
another user by creating a directory with the name of the command
to execute.

VOTE:

Page Last Updated or Reviewed: May 22, 2007