
PROPOSAL: Cluster 31 - CFMISC (18 candidates)



The following candidates are miscellaneous configuration problems.
Some are likely to get REJECTed.  Others illustrate some challenges
with respect to describing configuration problems, either at the right
level of abstraction, or when the configuration provides some access
to an individual, but only the enterprise can know if that particular
individual should have that access.

Most of these vulnerabilities are reported by security tools.


Trust relationships/authentication shortcuts - CAN-1999-0515,
   CAN-1999-0539, CAN-1999-0547, CAN-1999-0583

Configuration anomalies - CAN-1999-0555, CAN-1999-0556, CAN-1999-0530,
   CAN-1999-0548, CAN-1999-0568, CAN-1999-0586

Not a vulnerability? - CAN-1999-0497, CAN-1999-0512, CAN-1999-0561,
   CAN-1999-0564, CAN-1999-0590

Information gathering/fingerprinting - CAN-1999-0531

Spaf's rule of thumb - CAN-1999-0565


- Steve




Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0497
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

Anonymous FTP is enabled

VOTE:

=================================
Candidate: CAN-1999-0512
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

Mail relay is enabled, allowing abuse by spammers.

VOTE:

=================================
Candidate: CAN-1999-0515
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

An unrestricted remote trust relationship for Unix systems has been
set up, e.g. by using a + sign in /etc/hosts.equiv.

VOTE:

=================================
Candidate: CAN-1999-0530
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A system is operating in "promiscuous" mode which allows it to perform
packet sniffing.

VOTE:

=================================
Candidate: CAN-1999-0531
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO.

VOTE:

=================================
Candidate: CAN-1999-0539
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A trust relationship exists between two Unix hosts.

VOTE:

=================================
Candidate: CAN-1999-0547
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

An SSH server allows authentication through the .rhosts file.

VOTE:

=================================
Candidate: CAN-1999-0548
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A superfluous NFS server is running, but it is not importing or exporting
any file systems.

VOTE:

=================================
Candidate: CAN-1999-0555
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Unix account with a name other than "root" has UID 0, i.e. root
privileges.

VOTE:

=================================
Candidate: CAN-1999-0556
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

Two or more Unix accounts have the same UID.

VOTE:

=================================
Candidate: CAN-1999-0561
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

IIS has the #exec function enabled for Server Side Include (SSI) files.

VOTE:

=================================
Candidate: CAN-1999-0564
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

An attacker can force a printer to print arbitrary documents (e.g. if
the printer doesn't require a password) or to become disabled.

VOTE:

=================================
Candidate: CAN-1999-0565
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Sendmail alias allows input to be piped to a program.

VOTE:

=================================
Candidate: CAN-1999-0568
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

rpc.admind in Solaris is not running in a secure mode.

VOTE:

=================================
Candidate: CAN-1999-0583
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

There is a one-way or two-way trust relationship between Windows NT
domains.

VOTE:

=================================
Candidate: CAN-1999-0586
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A network service is running on a nonstandard port.

VOTE:

=================================
Candidate: CAN-1999-0590
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A system does not present an appropriate legal message or warning to a
user who is accessing it.

VOTE:

Page Last Updated or Reviewed: May 22, 2007