[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FINAL DECISION: ACCEPT 4 SA category candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until CVE goes fully public.
The only difference between Publication and Final Decision is that the
CVE name is officially "announced" by MITRE during Publication.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0612	CVE-1999-0612
CAN-1999-0626	CVE-1999-0626
CAN-1999-0627	CVE-1999-0627
CAN-1999-0628	CVE-1999-0628



=================================
Candidate: CAN-1999-0612
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990928-02
Proposed: 19990721
Assigned: 19990607
Category: SA
Reference: XF:finger-out
Reference: XF:finger-running

A version of finger is running that exposes valid user information
to any entity on the network.

Modifications:
  ADDREF XF:finger-out
  ADDREF XF:finger-running
  DESC give reason why finger is an exposure

VOTES:
   ACCEPT(5) Wall, Northcutt, Baker, Ozancin, Meunier
   MODIFY(2) Frech, Spafford

COMMENTS:
 Frech> XF:finger-out
 Frech> XF:finger-running
 Spafford> [Change the description to identify the original service]


=================================
Candidate: CAN-1999-0626
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990928-02
Proposed: 19990721
Assigned: 19990607
Category: SA
Reference: XF:rusersd
Reference: XF:ruser

A version of rusers is running that exposes valid user information
to any entity on the network.

Modifications:
  ADDREF XF:rusersd
  ADDREF XF:ruser
  DESC Say why rusers is an exposure

VOTES:
   ACCEPT(4) Northcutt, Baker, Ozancin, Meunier
   MODIFY(1) Frech
   NOOP(1) Wall

COMMENTS:
 Frech> XF:rusersd
 Frech> XF:ruser


=================================
Candidate: CAN-1999-0627
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990928-01
Proposed: 19990721
Assigned: 19990607
Category: SA
Reference: XF:rexd

The rexd service is running, which uses weak authentication that can
allow an attacker to execute commands.

Modifications:
  ADDREF XF:rexd
  Say why rexd is an exposure

VOTES:
   ACCEPT(5) Wall, Northcutt, Baker, Ozancin, Meunier
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:rexd


=================================
Candidate: CAN-1999-0628
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990928-01
Proposed: 19990721
Assigned: 19990607
Category: SA
Reference: XF:rwhod

The rwho/rwhod service is running, which exposes machine status
and user information.

Modifications:
  ADDREF XF:rwhod
  DESC Say why rwho is an exposure

VOTES:
   ACCEPT(4) Northcutt, Baker, Ozancin, Meunier
   MODIFY(1) Frech
   NOOP(1) Wall

COMMENTS:
 Frech> XF:rwhod

Page Last Updated or Reviewed: May 22, 2007